Lucene search
K
ThemifyPortfolio Post

5 matches found

CVE
CVE
added 2022/02/14 9:21 a.m.84 views

CVE-2022-0200

The CVE-2022-0200 entry concerns the Themify Portfolio Post WordPress plugin before version 1.1.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) due to the plugin failing to sanitize and escape the num_of_pages parameter in the response of the themify_create_popup_page_pagination AJ...

5.4CVSS5.2AI score0.006EPSS
Web
CVE
CVE
added 2021/03/18 2:57 p.m.56 views

CVE-2021-24129

The CVE-2021-24129 entry concerns the WordPress Themify Portfolio Post plugin. Affected: versions before 1.1.6. Root cause: unvalidated input and lack of output encoding in the plugin, enabling Stored Cross-Site Scripting (XSS). Impact: low-privilege users (Contributor+) can inject JavaScript/HTM...

5.4CVSS5.4AI score0.00658EPSS
CVE
CVE
added 2023/01/16 3:37 p.m.55 views

CVE-2022-4464

The CVE concerns Themify Portfolio Post WordPress plugin prior to 1.2.1. The issue is that the plugin does not validate and escapes certain shortcode attributes before outputting them, enabling Stored XSS by users with as little as a contributor, potentially targeting admin users. A PoC shortcode...

5.4CVSS5.3AI score0.00534EPSS
CVE
CVE
added 2023/02/13 2:32 p.m.55 views

CVE-2023-0362

The CVE-2023-0362 entry concerns the WordPress plugin Themify Portfolio Post (before 1.2.2). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by not validating/escaping certain shortcode attributes before output in posts/pages, enabling users with the Contributor role and abov...

5.4CVSS5.3AI score0.00526EPSS
CVE
CVE
added 2023/05/10 8:56 a.m.43 views

CVE-2022-32970

CVE-2022-32970 is a stored XSS in the Themify Portfolio Post WordPress plugin (

5.4CVSS4.7AI score0.00364EPSS