508 matches found
WordPress Themify Builder < 7.5.8 - Open Redirect
The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...
CVE-2026-57369
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through = 7.7.4...
CVE-2026-57369
CVE-2026-57369 is a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Themify Builder (versions up to and including 7.7.4). The issue arises from improper neutralization of user input during web page generation, enabling an attacker to inject script via crafted input that...
CVE-2026-57369 WordPress Themify Builder plugin <= 7.7.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through = 7.7.4...
CVE-2026-15097
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-15096
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
EUVD-2026-43139
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CVE-2026-15096
The CVE concerns the Themify Builder WordPress plugin. A Stored Cross-Site Scripting (XSS) flaw exists in the Map Module’s b_width_map field across all versions up to 7.7.6, caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or hig...
CVE-2026-15096 Themify Builder <= 7.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Module 'b_width_map' Field
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
EUVD-2026-43132
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-15097
CVE-2026-15097 affects Themify Builder for WordPress (up to version 7.7.6). The issue is a Stored Cross-Site Scripting via the height_slider Slider Module Field caused by insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level access and high...
PT-2026-57391
Name of the Vulnerable Software and Affected Versions Themify Builder versions prior to 7.7.7 Description Insufficient input sanitization and output escaping in the Map Module allow authenticated attackers with contributor-level access and above to perform Stored Cross-Site Scripting. This is...
PT-2026-57392
Name of the Vulnerable Software and Affected Versions Themify Builder versions prior to 7.7.7 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts...
WordPress Themify Builder plugin <= 7.7.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Themify Builder versions = 7.7.4...
CVE-2026-56037
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...
CVE-2026-56037
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...
CVE-2026-56037 WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...
CVE-2026-56037
The CVE-2026-56037 affects Themify Popup (WordPress plugin) ≤ 1.4.3. It describes a Deserialization of Untrusted Data vulnerability that allows PHP Object Injection through deserialized data. The underlying issue is the ability to inject or manipulate objects via untrusted input, enabling high-ri...
WordPress Themify Store Locator plugin <= 1.2.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Store Locator versions = 1.2.0...
WordPress Themify Event Post plugin <= 1.3.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Event Post versions = 1.3.3...