Vulnerabilities > CVE-2022-0200 - Unspecified vulnerability in Themify Portfolio Post 1.1.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |