5 matches found
CVE-2022-0200
The CVE-2022-0200 entry concerns the Themify Portfolio Post WordPress plugin before version 1.1.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) due to the plugin failing to sanitize and escape the num_of_pages parameter in the response of the themify_create_popup_page_pagination AJ...
CVE-2021-24129
The CVE-2021-24129 entry concerns the WordPress Themify Portfolio Post plugin. Affected: versions before 1.1.6. Root cause: unvalidated input and lack of output encoding in the plugin, enabling Stored Cross-Site Scripting (XSS). Impact: low-privilege users (Contributor+) can inject JavaScript/HTM...
CVE-2022-4464
The CVE concerns Themify Portfolio Post WordPress plugin prior to 1.2.1. The issue is that the plugin does not validate and escapes certain shortcode attributes before outputting them, enabling Stored XSS by users with as little as a contributor, potentially targeting admin users. A PoC shortcode...
CVE-2023-0362
The CVE-2023-0362 entry concerns the WordPress plugin Themify Portfolio Post (before 1.2.2). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by not validating/escaping certain shortcode attributes before output in posts/pages, enabling users with the Contributor role and abov...
CVE-2022-32970
CVE-2022-32970 is a stored XSS in the Themify Portfolio Post WordPress plugin (