CVE-2024-24872
CVE-2024-24872 affects the WordPress plugin Themify Builder up to version 7.0.5, with a Cross-Site Request Forgery (CSRF) vulnerability in the builder workflow. The issue can enable unauthorized actions on an authenticated user’s session. The CVE is mitigated by upgrading to Themify Builder 7.0.6...
CVE-2024-3032
The CVE-2024-3032 entry concerns the WordPress Themify Builder plugin prior to version 7.5.8, which contains an open redirect vulnerability. The issue stems from not validating the tb_redirect_fail parameter before redirecting the user to its value, enabling redirection to an attacker-controlled ...
CVE-2024-9385
The CVE-2024-9385 entry concerns Themify Builder for WordPress (versions up to and including 7.6.2). It is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper escaping of URLs when using add_query_arg, enabling unauthenticated attackers to inject scripts via crafted links. Pub...
CVE-2024-7836
CVE-2024-7836 affects the WordPress plugin Themify Builder: all versions up to and including 7.6.1 are vulnerable to unauthorized post duplication due to missing checks in the duplicate_page_ajaxify function. This allows authenticated attackers with Contributor-level access and above to duplicate...