Vulnerabilities > Themify

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-51693 Cross-site Scripting vulnerability in Themify Icons
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.This issue affects Themify Icons: from n/a through 2.0.1.
network
low complexity
themify CWE-79
5.4
2023-12-20 CVE-2023-46149 Unrestricted Upload of File with Dangerous Type vulnerability in Themify Ultra
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.
network
low complexity
themify CWE-434
8.8
2023-12-20 CVE-2023-46147 Deserialization of Untrusted Data vulnerability in Themify Ultra 7.3.5
Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.
network
low complexity
themify CWE-502
8.8
2023-06-19 CVE-2023-2654 Unspecified vulnerability in Themify Conditional Menus
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
themify
6.1
2023-05-10 CVE-2022-32970 Cross-site Scripting vulnerability in Themify Portfolio Post
Auth.
network
low complexity
themify CWE-79
5.4
2023-02-13 CVE-2023-0362 Unspecified vulnerability in Themify Portfolio Post
Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
themify
5.4
2023-01-30 CVE-2022-4787 Cross-site Scripting vulnerability in Themify Shortcodes
Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
network
low complexity
themify CWE-79
5.4
2023-01-16 CVE-2022-4464 Unspecified vulnerability in Themify Portfolio Post
Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin.
network
low complexity
themify
5.4
2022-06-13 CVE-2022-1532 Cross-site Scripting vulnerability in Themify Woocommerce Product Filter
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
network
themify CWE-79
4.3
2022-05-09 CVE-2022-1047 Cross-site Scripting vulnerability in Themify Post Type Builder Search Addon
The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability.
network
themify CWE-79
4.3