CVE-2025-49396 WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through = 7.6.7...

CVE-2024-44046 WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify – WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.This issue affects Themify – WooCommerce Product Filter: from n/a through = 1.5.1...

WordPress plugin Themify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Themify security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-2278

Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-2263

Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-2262

Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs...

CVE-2024-2263

Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress plugin Themify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-19508 · WordPress · Themify

Name of the Vulnerable Software and Affected Versions: Themify WordPress plugin versions prior to 1.4.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This...

PT-2024-19503 · WordPress · Themify Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Themify WordPress plugin versions prior to 1.4.4 Description: The issue concerns a lack of CSRF check in the bulk action of the Themify WordPress plugin. This could allow attackers to make logged-in users delete arbitrary filters via a CSRF...

WordPress plugin Themify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Plugin Themify Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

WordPress plugin Themify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Themify plugin prior to 1.3.8. The...