Themify Security Vulnerabilities


CVE-2023-46148

Missing Authorization vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through...

8.8 CVSS

8.7 AI Score

0.0004 EPSS

2024-06-19 12:15 PM
26

CVE-2023-46146

Missing Authorization vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through...

8.3 CVSS

8.3 AI Score

0.0004 EPSS

2024-06-19 12:15 PM
28

CVE-2024-6027

The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.8 CVSS

9.7 AI Score

0.001 EPSS

2024-06-21 10:15 AM
25

CVE-2024-31366

Missing Authorization vulnerability in Themify Post Type Builder (PTB). This issue affects Post Type Builder (PTB): from n/a through...

7.1 CVSS

6.8 AI Score

0.0004 EPSS

2024-04-09 08:15 AM
26

CVE-2024-31365

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS. This issue affects Post Type Builder (PTB): from n/a through...

7.1 CVSS

6.8 AI Score

0.0004 EPSS

2024-04-09 08:15 AM
30

CVE-2024-30440

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Event Post allows Stored XSS. This issue affects Themify Event Post: from n/a through...

5.9 CVSS

9.1 AI Score

0.0004 EPSS

2024-03-29 06:15 PM
38

CVE-2023-46145

Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation. This issue affects Themify Ultra: from n/a through...

8.8 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-17 09:15 AM
30

CVE-2024-24872

Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder. This issue affects Themify Builder: from n/a through...

4.3 CVSS

5.6 AI Score

0.0004 EPSS

2024-02-21 07:15 AM
51

CVE-2023-51693

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through...

6.5 CVSS

5.4 AI Score

0.0004 EPSS

2024-02-01 11:15 AM
26

CVE-2023-46149

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through...

9.9 CVSS

8.7 AI Score

0.001 EPSS

2023-12-20 07:15 PM
24

CVE-2023-46147

Deserialization of Untrusted Data vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2023-12-20 02:15 PM
6

CVE-2022-4464

Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high.....

5.4 CVSS

5.3 AI Score

0.001 EPSS

2023-01-16 04:15 PM
22

CVE-2023-2654

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2023-06-19 11:15 AM
24

CVE-2023-0362

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2023-02-13 03:15 PM
23

CVE-2022-4787

Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2023-01-30 09:15 PM
23

CVE-2022-32970

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4...

5.4 CVSS

5.2 AI Score

0.0005 EPSS

2023-05-10 09:15 AM
11

CVE-2022-1532

Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-06-13 01:15 PM
44
4

CVE-2022-1047

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-05-09 05:15 PM
49
6

CVE-2022-0200

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back in the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-02-14 12:15 PM
62

CVE-2013-20002

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php...

9.8 CVSS

9.7 AI Score

0.028 EPSS

2021-06-17 04:15 PM
30
11

CVE-2021-24129

Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom.....

5.4 CVSS

5.4 AI Score

0.001 EPSS

2021-03-18 03:15 PM
24