494 matches found
PT-2025-36127
Name of the Vulnerable Software and Affected Versions: Themify Popup versions through 1.4.4 Description: Themify Popup contains a stored cross-site scripting XSS issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts into web...
CVE-2025-49395
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Icons themify-icons allows Stored XSS.This issue affects Themify Icons: from n/a through = 2.0.3...
CVE-2025-49396
Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through = 7.6.7...
CVE-2025-49392
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Audio Dock themify-audio-dock allows Stored XSS.This issue affects Themify Audio Dock: from n/a through = 2.0.5...
WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Themify Audio Dock versions = 2.0.5...
WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Themify Icons versions = 2.0.3...
WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Themify Builder versions = 7.6.7...
CVE-2025-49396
Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through = 7.6.7...
CVE-2025-49392
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Audio Dock themify-audio-dock allows Stored XSS.This issue affects Themify Audio Dock: from n/a through = 2.0.5...
CVE-2025-49395
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Icons themify-icons allows Stored XSS.This issue affects Themify Icons: from n/a through = 2.0.3...
CVE-2025-49395
CVE-2025-49395 affects Themify Icons plugin for WordPress (versions up to 2.0.3). The issue is a Stored Cross-Site Scripting (XSS) caused by improper neutralization of user-supplied input during web page generation. Exploitation could allow an attacker to inject and execute script in an admin/use...
CVE-2025-49395 WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Icons themify-icons allows Stored XSS.This issue affects Themify Icons: from n/a through = 2.0.3...
CVE-2025-49395 WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through 2.0.3...
CVE-2025-49392 WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Audio Dock themify-audio-dock allows Stored XSS.This issue affects Themify Audio Dock: from n/a through = 2.0.5...
CVE-2025-49392 WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Audio Dock allows Stored XSS. This issue affects Themify Audio Dock: from n/a through 2.0.5...
CVE-2025-49392
The CVE-2025-49392 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Themify Audio Dock for WordPress, applicable to versions up to 2.0.5. The issue arises from improper input neutralization during web page generation. Public sources in connected documents (NVD, PatchStack, PT-...
CVE-2025-49396
CVE-2025-49396 covers a missing/incorrectly authorized access issue in the WordPress plugin Themify Builder up to version 7.6.7 . Multiple sources (PT-security PT-2025-33938, CNNVD, CVE records) describe a Broken Access Control / Missing Authorization vulnerability that could be exploited due to ...
CVE-2025-49396 WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through = 7.6.7...
CVE-2025-49396 WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themifyme Themify Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Themify Builder: from n/a through 7.6.7...
PT-2025-33937 · WordPress · Themify Icons
Name of the Vulnerable Software and Affected Versions: Themify Icons versions through 2.0.3 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which results in a Stored Cross-site Scripting condition. Recommendations: At the moment, there is n...