CVE-2025-31047 WordPress Themify Edmin theme <= 2.0.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2.0.0...

CVE-2025-49396 WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through = 7.6.7...

CVE-2025-39581 WordPress Themify Shortcodes <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.3...

WordPress Themify Edmin theme <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Theme Themify Edmin versions = 2.0.0...

WordPress Themify Edmin Theme <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Themify Edmin Type Theme Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31013 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 812b4ccf0f46 Credits Tran Nguyen Bao Khanh VCI - VNPT Cybe...

WordPress Themify Newsy Theme <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Software Themify Newsy Type Theme Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31013 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 46381da0b3db Credits Tran Nguyen Bao Khanh VCI - VNPT Cybe...

WordPress Themify Newsy Theme <= 1.9.9 is vulnerable to Arbitrary File Upload

Software Themify Newsy Type Theme Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-30996 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 81aeabc7a9a6 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress Themify Folo Theme <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Software Themify Folo Type Theme Vulnerable versions = 1.9.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31013 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6a066edc64f9 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

CVE-2024-56216 WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3...

WordPress Themify Builder Plugin <= 7.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Themify Builder Type Plugin Vulnerable versions = 7.6.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52423 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f592b7b1efcd Credits João Pedro S Alcântara Kinorth Required...

WordPress Themify Builder Plugin <= 7.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Themify Builder Type Plugin Vulnerable versions = 7.6.2 Fixed in 7.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9385 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2ab445f01cba Credits Colin Xu Required...

WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by bugcraftx Patchstack Alliance in WordPress Plugin Themify – WooCommerce Product Filter versions = 1.5.1...

WordPress Themify – WooCommerce Product Filter Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Themify – WooCommerce Product Filter Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.5.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44046 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b38cdc945b73 Credits bugcraftx Require...

WordPress Themify Builder Plugin <= 7.6.1 is vulnerable to Broken Access Control

Software Themify Builder Type Plugin Vulnerable versions = 7.6.1 Fixed in 7.6.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7836 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bd6e0e69059b Credits Peter Thaleikis Required...

WordPress Themify Shortcodes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Themify Shortcodes Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43133 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9f19f50a864c Credits LVT-tholv2k Required privilege...

WordPress Themify Builder Plugin < 7.5.8 is vulnerable to Open Redirection

Software Themify Builder Type Plugin Vulnerable versions 7.5.8 Fixed in 7.5.8 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-3032 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 72a5598c790a Credits Valentin LOBSTEIN Required privilege...

CVE-2024-30440 WordPress Themify Event Post plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Themify Event Post allows Stored XSS.This issue affects Themify Event Post: from n/a through 1.2.7...

WordPress Themify Shortcodes Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Themify Shortcodes Type Plugin Vulnerable versions = 2.0.8 Fixed in 2.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2732 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 74cfc77cef6c Credits Krzysztof Zając...

WordPress Themify Icons Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Themify Icons Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51693 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 83a7321eca30 Credits Ray Wilson Required privilege Contributo...

WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Privilege Escalation

Software Themify Ultra Type Theme Vulnerable versions = 7.3.5 Fixed in 7.3.6 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-46145 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 23dc050c5700 Credits Rafie Muhammad Patchstack...