Lucene search

K

Themify Security Vulnerabilities

cve
cve

CVE-2024-31366

Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-04-09 08:15 AM
26
cve
cve

CVE-2024-31365

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a through...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-04-09 08:15 AM
30
cve
cve

CVE-2024-30440

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Event Post allows Stored XSS.This issue affects Themify Event Post: from n/a through...

5.9CVSS

9.1AI Score

0.0004EPSS

2024-03-29 06:15 PM
38
cve
cve

CVE-2023-46145

Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
30
cve
cve

CVE-2024-24872

Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through...

4.3CVSS

5.6AI Score

0.0004EPSS

2024-02-21 07:15 AM
50
cve
cve

CVE-2023-51693

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.This issue affects Themify Icons: from n/a through...

6.5CVSS

5.4AI Score

0.0004EPSS

2024-02-01 11:15 AM
25
cve
cve

CVE-2023-46149

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through...

9.9CVSS

8.7AI Score

0.001EPSS

2023-12-20 07:15 PM
24
cve
cve

CVE-2023-46147

Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through...

8.8CVSS

8.7AI Score

0.001EPSS

2023-12-20 02:15 PM
6
cve
cve

CVE-2022-4464

Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high.....

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-16 04:15 PM
22
cve
cve

CVE-2023-2654

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS

6.1AI Score

0.001EPSS

2023-06-19 11:15 AM
24
cve
cve

CVE-2023-0362

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-13 03:15 PM
23
cve
cve

CVE-2022-4787

Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-30 09:15 PM
23
cve
cve

CVE-2022-32970

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4...

5.4CVSS

5.2AI Score

0.0005EPSS

2023-05-10 09:15 AM
10
cve
cve

CVE-2022-1532

Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site...

6.1CVSS

6AI Score

0.001EPSS

2022-06-13 01:15 PM
43
4
cve
cve

CVE-2022-1047

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting...

6.1CVSS

6AI Score

0.001EPSS

2022-05-09 05:15 PM
48
6
cve
cve

CVE-2022-0200

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site...

5.4CVSS

5.2AI Score

0.001EPSS

2022-02-14 12:15 PM
61
cve
cve

CVE-2013-20002

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php...

9.8CVSS

9.7AI Score

0.028EPSS

2021-06-17 04:15 PM
30
11
cve
cve

CVE-2021-24129

Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom.....

5.4CVSS

5.4AI Score

0.001EPSS

2021-03-18 03:15 PM
24