96 matches found
CVE-2024-9385
The CVE-2024-9385 entry concerns Themify Builder for WordPress (versions up to and including 7.6.2). It is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper escaping of URLs when using add_query_arg, enabling unauthenticated attackers to inject scripts via crafted links. Pub...
CVE-2024-9385 Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-9385 Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
WordPress plugin Themify Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-39610 · WordPress · Themify Builder
Name of the Vulnerable Software and Affected Versions: Themify Builder plugin for WordPress versions up to, and including, 7.6.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows unauthenticated...
WordPress Themify Builder plugin <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication vulnerability
Missing Authorization to Authenticated Contributor+ Post Duplication vulnerability discovered by Peter Thaleikis in WordPress Plugin Themify Builder versions = 7.6.1...
CVE-2024-7836
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...
CVE-2024-7836
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...
CVE-2024-7836
CVE-2024-7836 affects the WordPress plugin Themify Builder: all versions up to and including 7.6.1 are vulnerable to unauthorized post duplication due to missing checks in the duplicate_page_ajaxify function. This allows authenticated attackers with Contributor-level access and above to duplicate...
CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...
WordPress plugin Themify Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Themify Builder Plugin <= 7.6.1 is vulnerable to Broken Access Control
Software Themify Builder Type Plugin Vulnerable versions = 7.6.1 Fixed in 7.6.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7836 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bd6e0e69059b Credits Peter Thaleikis Required...
PT-2024-38615 · WordPress · Themify Builder
Name of the Vulnerable Software and Affected Versions: Themify Builder plugin for WordPress versions up to, and including, 7.6.1 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate and view private or draft posts created by other users, due t...
WordPress Themify Builder plugin < 7.5.8 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Valentin LOBSTEIN in WordPress Plugin Themify Builder versions 7.5.8...
CVE-2024-3032
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2024-3032
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2024-3032 Themify Builder < 7.5.8 - Open Redirect
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
CVE-2024-3032
The CVE-2024-3032 entry concerns the WordPress Themify Builder plugin prior to version 7.5.8, which contains an open redirect vulnerability. The issue stems from not validating the tb_redirect_fail parameter before redirecting the user to its value, enabling redirection to an attacker-controlled ...
CVE-2024-3032 Themify Builder < 7.5.8 - Open Redirect
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...
WordPress Themify Builder Plugin < 7.5.8 is vulnerable to Open Redirection
Software Themify Builder Type Plugin Vulnerable versions 7.5.8 Fixed in 7.5.8 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-3032 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 72a5598c790a Credits Valentin LOBSTEIN Required privilege...