Lucene search
K

96 matches found

NVD
NVD
added 2025/08/20 8:15 a.m.7 views

CVE-2025-49396

Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through = 7.6.7...

4.3CVSS0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/20 8:3 a.m.5 views

CVE-2025-49396 WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in themifyme Themify Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Themify Builder: from n/a through 7.6.7...

4.3CVSS6.6AI score0.00222EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 8:3 a.m.20 views

CVE-2025-49396

CVE-2025-49396 covers a missing/incorrectly authorized access issue in the WordPress plugin Themify Builder up to version 7.6.7 . Multiple sources (PT-security PT-2025-33938, CNNVD, CVE records) describe a Broken Access Control / Missing Authorization vulnerability that could be exploited due to ...

4.3CVSS5.9AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 8:3 a.m.14 views

CVE-2025-49396 WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through = 7.6.7...

4.3CVSS0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.5 views

WordPress plugin Themify Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.5AI score0.00222EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.8 views

PT-2025-33938 · WordPress · Themify Builder

Name of the Vulnerable Software and Affected Versions: Themify Builder versions through 7.6.7 Description: A missing authorization issue exists in Themify Builder, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update Themify Builder to a version...

4.3CVSS6.4AI score0.00222EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.8 views

CVE-2024-52423

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Builder themify-builder allows Stored XSS.This issue affects Themify Builder: from n/a through = 7.6.5...

6.5CVSS7.2AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.14 views

CVE-2024-24872

Cross-Site Request Forgery CSRF vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5...

8.8CVSS6.3AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:21 a.m.3 views

CVE-2024-3032

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

6.1CVSS6.8AI score0.00823EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:7 a.m.4 views

CVE-2024-56216

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themifyme Themify Builder themify-builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through = 7.6.3...

6.5CVSS7.2AI score0.00449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.5 views

CVE-2024-9385

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS5.6AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:35 a.m.11 views

CVE-2024-13319

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS6.4AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2025/01/22 8:15 a.m.3 views

CVE-2024-13319

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS7.4AI score0.0028EPSS
Exploits0References2
NVD
NVD
added 2025/01/22 8:15 a.m.21 views

CVE-2024-13319

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/22 7:29 a.m.22 views

CVE-2024-13319 Themify Builder <= 7.6.5 - Reflected Cross-Site Scripting

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS0.0028EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/22 7:29 a.m.19 views

CVE-2024-13319 Themify Builder <= 7.6.5 - Reflected Cross-Site Scripting

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS6.1AI score0.0028EPSS
Exploits0References2
CVE
CVE
added 2025/01/22 7:29 a.m.65 views

CVE-2024-13319

CVE-2024-13319 (Themify Builder) is a reflected XSS in the WordPress plugin Themify Builder, caused by using add_query_arg without proper escaping. Affects versions up to and including 7.6.5. Exploitation requires a user to click a crafted link after an action is performed. Wordfence/Red Hat and ...

6.1CVSS6.1AI score0.0028EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/01/22 12:0 a.m.4 views

WordPress plugin Themify Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Themify...

6.1CVSS8AI score0.0028EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/21 10:50 p.m.5 views

WordPress Themify Builder plugin <= 7.6.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Themify Builder versions = 7.6.6...

6.1CVSS6.3AI score0.0028EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/12/31 10:15 a.m.23 views

CVE-2024-56216

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themifyme Themify Builder themify-builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through = 7.6.3...

6.5CVSS0.00449EPSS
Exploits0References1
Rows per page
Query Builder