Lucene search
K

508 matches found

Nuclei
Nuclei
added 14 hours ago43 views

WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

6.1CVSS6.1AI score0.00823EPSS
Exploits2References2
NVD
NVD
added yesterday4 views

CVE-2026-57369

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through = 7.7.4...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57369

CVE-2026-57369 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Themify Builder (versions up to and including 7.7.4). The issue arises from improper neutralization of user input during web page generation, enabling an attacker to inject script via crafted input that...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-57369 WordPress Themify Builder plugin <= 7.7.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through = 7.7.4...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 3 days ago13 views

CVE-2026-15097

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00201EPSS
Exploits0References6
NVD
NVD
added 3 days ago7 views

CVE-2026-15096

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS0.00193EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43139

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 3 days ago10 views

CVE-2026-15096

The CVE concerns the Themify Builder WordPress plugin. A Stored Cross-Site Scripting (XSS) flaw exists in the Map Module’s b_width_map field across all versions up to 7.7.6, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or hig...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-15096 Themify Builder <= 7.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Module 'b_width_map' Field

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS0.00193EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43132

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References6
CVE
CVE
added 3 days ago11 views

CVE-2026-15097

CVE-2026-15097 affects Themify Builder for WordPress (up to version 7.7.6). The issue is a Stored Cross-Site Scripting via the height_slider Slider Module Field caused by insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level access and high...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-57391

Name of the Vulnerable Software and Affected Versions Themify Builder versions prior to 7.7.7 Description Insufficient input sanitization and output escaping in the Map Module allow authenticated attackers with contributor-level access and above to perform Stored Cross-Site Scripting. This is...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-57392

Name of the Vulnerable Software and Affected Versions Themify Builder versions prior to 7.7.7 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/07/07 9:8 a.m.5 views

WordPress Themify Builder plugin <= 7.7.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Themify Builder versions = 7.7.4...

7.1CVSS5.9AI score0.00251EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.7 views

CVE-2026-56037

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS0.00309EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:30 a.m.9 views

CVE-2026-56037

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:30 a.m.36 views

CVE-2026-56037 WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS0.00309EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:30 a.m.19 views

CVE-2026-56037

The CVE-2026-56037 affects Themify Popup (WordPress plugin) ≤ 1.4.3. It describes a Deserialization of Untrusted Data vulnerability that allows PHP Object Injection through deserialized data. The underlying issue is the ability to inject or manipulate objects via untrusted input, enabling high-ri...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/23 2:2 p.m.4 views

WordPress Themify Store Locator plugin <= 1.2.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Store Locator versions = 1.2.0...

8.8CVSS5.9AI score0.00309EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 2:2 p.m.4 views

WordPress Themify Event Post plugin <= 1.3.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Event Post versions = 1.3.3...

8.8CVSS5.9AI score0.00309EPSS
Exploits0Affected Software1
Rows per page
Query Builder