3 matches found
CVE-2022-0200
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2022-0200
The CVE-2022-0200 entry concerns the Themify Portfolio Post WordPress plugin before version 1.1.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) due to the plugin failing to sanitize and escape the num_of_pages parameter in the response of the themify_create_popup_page_pagination AJ...
CVE-2022-0200 Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...