CVE-2025-31013

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...

CVE-2025-31013

Technical details for CVE-2025-31013 are not provided in the supplied documents; no affected products, vectors, or remediation details are disclosed here. Monitor for official updates.

CVE-2025-30996

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.Thi...

CVE-2025-30996

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.Thi...

CVE-2025-30996 WordPress Themify Newsy <= 1.9.9 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Newsy newsy allows Upload a Web Shell to a Web Server.This issue affects Themify Newsy: from n/a through = 1.9.9...

CVE-2025-30996 Arbitrary File Upload Vulnerability in WordPress themes by Themify

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.Thi...

PT-2026-1513

Name of the Vulnerable Software and Affected Versions Themify Sidepane WordPress Theme versions n/a through 1.9.8 Themify Newsy versions n/a through 1.9.9 Themify Folo versions n/a through 1.9.6 Themify Edmin versions n/a through 2.0.0 Themify Bloggie versions n/a through 2.0.8 Themify Photobox...

WordPress多款产品 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL bas...

EUVD-2025-20825

Malicious code in bioql PyPI...

CVE-2025-53546

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

CVE-2025-53546

CVE-2025-53546 affects Folo. The vulnerability arises from using pull_request_target in the GitHub Actions workflow (.github/workflows/auto-fix-lint-format-commit.yml), allowing untrusted code in the base repository to access secrets. Exploitation can exfiltrate the GITHUB_TOKEN, which has high p...

Folo 安全漏洞

Folo is an information aggregation tool open-sourced by RSSNext. Folo has a security vulnerability that stems from the use of pullrequesttarget in the GitHub Actions workflow, which could lead to elevation of privilege...

PT-2025-28898 · Folo · Folo

Name of the Vulnerable Software and Affected Versions: Folo affected versions not specified Description: Folo organizes feeds content into one timeline. The use of pull request target in the .github/workflows/auto-fix-lint-format-commit.yml workflow file can be exploited by attackers to execute...

WordPress Themify Folo <= 1.9.6 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Theme Themify Folo versions = 1.9.6...

WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Theme Themify Folo versions = 1.9.6...

WordPress Themify Folo Theme <= 1.9.6 is vulnerable to Arbitrary File Upload

Software Themify Folo Type Theme Vulnerable versions = 1.9.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2025-30996 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 1119e664a32d Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress Themify Folo Theme <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Software Themify Folo Type Theme Vulnerable versions = 1.9.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31013 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6a066edc64f9 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

Folo - Cross Site Scripting

The folo WordPress theme was affected by a Cross Site Scripting security vulnerability...