513 matches found
CVE-2022-1047
The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...
Cross site scripting
The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...
CVE-2022-1047
CVE-2022-1047 affects the WordPress plugin Themify - Post Type Builder Search Addon (before version 1.4.0). The vulnerability is a reflected XSS caused by improper escaping of the current page URL when reusing it in an HTML attribute. Several sources (NVD, Red Hat, CVE lists, Patchstack, WPScan) ...
CVE-2022-1047 Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting
The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...
WordPress plugin Themify Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting
The plugin does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. On a page or post with a search form, add the following url query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...
Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting
The plugin does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. PoC On a page or post with a search form, add the following url query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...
WordPress Themify - Post Type Builder Search Addon premium plugin <= 1.3.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Kevin Barbón García, David Álvarez Robles, Francisco Díaz-Pache Alonso & Sergio Corral Cristo in WordPress Themify - Post Type Builder Search Addon premium plugin versions = 1.3.9. Solution Update the WordPress Themify - Post Type...
WordPress Themify Portfolio Post plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the WordPress Themify Portfolio Post...
CVE-2022-0200
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2022-0200
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2022-0200
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...
Cross site scripting
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2022-0200
The CVE-2022-0200 entry concerns the Themify Portfolio Post WordPress plugin before version 1.1.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) due to the plugin failing to sanitize and escape the num_of_pages parameter in the response of the themify_create_popup_page_pagination AJ...
CVE-2022-0200 Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the WordPress Themify Portfolio Post...
WordPress Themify Portfolio Post plugin <= 1.1.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Themify Portfolio Post plugin versions = 1.1.6. Solution Update the WordPress Themify Portfolio Post plugin to the latest available version at least 1.1.7...
Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting alert/XSS/;'...
Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting PoC...
Themify Builder < 5.3.2 - Reflected Cross-Site Scripting
The plugin does not escape some parameters before outputting them back in attributes and tags in an admin page, leading to Reflected Cross-Site Scripting issues PoC https://example.com/wp-admin/admin.php?page=themify-global-styles=" https://example.com/wp-admin/admin.php?page=themify-global-style...