Vulnerabilities > Themify > Builder > 7.6.3

DATE CVE VULNERABILITY TITLE RISK
2024-12-31 CVE-2024-56216 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Themify Builder
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3.
network
low complexity
themify CWE-829
6.5
6.5
2024-11-18 CVE-2024-52423 Cross-site Scripting vulnerability in Themify Builder
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS.This issue affects Themify Builder: from n/a through 7.6.3.
network
low complexity
themify CWE-79
5.4
5.4
2024-10-05 CVE-2024-9385 Cross-site Scripting vulnerability in Themify Builder
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2.
network
low complexity
themify CWE-79
6.1
6.1