Lucene search

Themify Builder Security Vulnerabilities - November

cve

CVE-2022-4787

Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-30 09:15 PM

cve

CVE-2024-24872

Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5.

4.3CVSS

5.6AI Score

0.0004EPSS

2024-02-21 07:15 AM

cve

CVE-2024-3032

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

6.1CVSS

6.4AI Score

0.0005EPSS

2024-06-13 06:15 AM

cve

CVE-2024-43133

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1.

6.5CVSS

6.4AI Score

0.0004EPSS

2024-08-12 11:15 PM

cve

CVE-2024-7836

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-08-22 03:15 AM