Filtered by vendor Themify
Subscribe
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51693 | 1 Themify | 1 Icons | 2024-02-06 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.This issue affects Themify Icons: from n/a through 2.0.1. | |||||
| CVE-2023-46147 | 1 Themify | 1 Themify Ultra | 2023-12-28 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
| CVE-2023-46149 | 1 Themify | 1 Ultra | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
| CVE-2023-2654 | 1 Themify | 1 Conditional Menus | 2023-12-10 | N/A | 6.1 MEDIUM |
| The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2022-32970 | 1 Themify | 1 Portfolio Post | 2023-12-10 | N/A | 5.4 MEDIUM |
| Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions. | |||||
| CVE-2022-4787 | 1 Themify | 1 Shortcodes | 2023-12-10 | N/A | 5.4 MEDIUM |
| Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2023-0362 | 1 Themify | 1 Portfolio Post | 2023-12-10 | N/A | 5.4 MEDIUM |
| Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-4464 | 1 Themify | 1 Portfolio Post | 2023-12-10 | N/A | 5.4 MEDIUM |
| Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. | |||||
| CVE-2022-1047 | 1 Themify | 1 Post Type Builder Search Addon | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. | |||||
| CVE-2022-0200 | 1 Themify | 1 Portfolio Post | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1532 | 1 Themify | 1 Woocommerce Product Filter | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2013-20002 | 1 Themify | 1 Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | |||||
| CVE-2021-24129 | 1 Themify | 1 Portfolio Post | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation. | |||||