Vulnerabilities > Themify
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-19 | CVE-2023-46148 | Unspecified vulnerability in Themify Ultra Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | 8.8 |
| 2024-06-13 | CVE-2024-3032 | Open Redirect vulnerability in Themify Builder Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | 6.1 |
| 2024-05-17 | CVE-2023-46145 | Unspecified vulnerability in Themify Ultra Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5. | 8.8 |
| 2024-05-14 | CVE-2024-4567 | Unspecified vulnerability in Themify Shortcodes The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-26 | CVE-2024-2732 | Unspecified vulnerability in Themify Shortcodes The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-21 | CVE-2024-24872 | Unspecified vulnerability in Themify Builder Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5. | 8.8 |
| 2024-02-01 | CVE-2023-51693 | Unspecified vulnerability in Themify Icons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.This issue affects Themify Icons: from n/a through 2.0.1. | 5.4 |
| 2023-12-20 | CVE-2023-46149 | Unspecified vulnerability in Themify Ultra Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | 8.8 |
| 2023-12-20 | CVE-2023-46147 | Unspecified vulnerability in Themify Ultra Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | 8.8 |
| 2023-06-19 | CVE-2023-2654 | Unspecified vulnerability in Themify Conditional Menus The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |