Lucene search
K

96 matches found

CVE
CVE
added 2024/10/05 1:59 a.m.68 views

CVE-2024-9385

The CVE-2024-9385 entry concerns Themify Builder for WordPress (versions up to and including 7.6.2). It is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper escaping of URLs when using add_query_arg, enabling unauthenticated attackers to inject scripts via crafted links. Pub...

6.1CVSS6.3AI score0.0036EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/05 1:59 a.m.12 views

CVE-2024-9385 Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS6.4AI score0.0036EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/05 1:59 a.m.28 views

CVE-2024-9385 Themify Builder <= 7.6.2 - Reflected Cross-Site Scripting

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS0.0036EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/05 12:0 a.m.6 views

WordPress plugin Themify Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS6.2AI score0.0036EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/04 12:0 a.m.6 views

PT-2024-39610 · WordPress · Themify Builder

Name of the Vulnerable Software and Affected Versions: Themify Builder plugin for WordPress versions up to, and including, 7.6.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows unauthenticated...

6.1CVSS6.8AI score0.0036EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/08/22 5:30 a.m.6 views

WordPress Themify Builder plugin <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication vulnerability

Missing Authorization to Authenticated Contributor+ Post Duplication vulnerability discovered by Peter Thaleikis in WordPress Plugin Themify Builder versions = 7.6.1...

4.3CVSS7AI score0.0029EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/08/22 3:15 a.m.3 views

CVE-2024-7836

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

4.3CVSS5.8AI score0.0029EPSS
Exploits0References2
NVD
NVD
added 2024/08/22 3:15 a.m.24 views

CVE-2024-7836

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

4.3CVSS0.0029EPSS
Exploits0References2
CVE
CVE
added 2024/08/22 2:2 a.m.56 views

CVE-2024-7836

CVE-2024-7836 affects the WordPress plugin Themify Builder: all versions up to and including 7.6.1 are vulnerable to unauthorized post duplication due to missing checks in the duplicate_page_ajaxify function. This allows authenticated attackers with Contributor-level access and above to duplicate...

4.3CVSS4.4AI score0.0029EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/22 2:2 a.m.14 views

CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

4.3CVSS6.8AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.5 views

WordPress plugin Themify Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.4AI score0.0029EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/08/22 12:0 a.m.13 views

WordPress Themify Builder Plugin <= 7.6.1 is vulnerable to Broken Access Control

Software Themify Builder Type Plugin Vulnerable versions = 7.6.1 Fixed in 7.6.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7836 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bd6e0e69059b Credits Peter Thaleikis Required...

4.3CVSS6.6AI score0.0029EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.6 views

PT-2024-38615 · WordPress · Themify Builder

Name of the Vulnerable Software and Affected Versions: Themify Builder plugin for WordPress versions up to, and including, 7.6.1 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate and view private or draft posts created by other users, due t...

4.3CVSS6.6AI score0.0029EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/06/13 9:41 a.m.4 views

WordPress Themify Builder plugin < 7.5.8 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Valentin LOBSTEIN in WordPress Plugin Themify Builder versions 7.5.8...

6.1CVSS7AI score0.00823EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2024/06/13 6:15 a.m.26 views

CVE-2024-3032

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

6.1CVSS0.00823EPSS
Exploits2References1
OSV
OSV
added 2024/06/13 6:15 a.m.2 views

CVE-2024-3032

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

6.1CVSS5.8AI score0.00823EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/06/13 6:0 a.m.15 views

CVE-2024-3032 Themify Builder < 7.5.8 - Open Redirect

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

6.7AI score0.00823EPSS
Exploits2References1
CVE
CVE
added 2024/06/13 6:0 a.m.85 views

CVE-2024-3032

The CVE-2024-3032 entry concerns the WordPress Themify Builder plugin prior to version 7.5.8, which contains an open redirect vulnerability. The issue stems from not validating the tb_redirect_fail parameter before redirecting the user to its value, enabling redirection to an attacker-controlled ...

6.1CVSS6.5AI score0.00823EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/06/13 6:0 a.m.27 views

CVE-2024-3032 Themify Builder < 7.5.8 - Open Redirect

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

0.00823EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/06/13 12:0 a.m.9 views

WordPress Themify Builder Plugin < 7.5.8 is vulnerable to Open Redirection

Software Themify Builder Type Plugin Vulnerable versions 7.5.8 Fixed in 7.5.8 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-3032 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 72a5598c790a Credits Valentin LOBSTEIN Required privilege...

6.1CVSS6.8AI score0.00823EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder