2 matches found
CVE-2024-56216
The CVE-2024-56216 entry concerns a PHP Remote File Inclusion vulnerability in the WordPress Themify Builder plugin (affected: versions up to 7.6.3) that enables PHP Local File Inclusion via improper control of include/require filename. Root cause: insecure handling of file paths in include/requi...
CVE-2024-52423
CVE-2024-52423 is a Stored XSS vulnerability in the WordPress plugin Themify Builder. The issue arises from improper neutralization of input during web page generation, enabling an attacker to inject scripts. Affected product: Themify Builder; affected versions include 7.6.3 (and earlier per the ...