Vulnerabilities > Themify
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-14 | CVE-2024-4567 | Unspecified vulnerability in Themify Shortcodes The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-26 | CVE-2024-2732 | Unspecified vulnerability in Themify Shortcodes The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-21 | CVE-2024-24872 | Unspecified vulnerability in Themify Builder Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.This issue affects Themify Builder: from n/a through 7.0.5. | 8.8 |
| 2024-02-01 | CVE-2023-51693 | Unspecified vulnerability in Themify Icons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS.This issue affects Themify Icons: from n/a through 2.0.1. | 5.4 |
| 2023-12-20 | CVE-2023-46149 | Unspecified vulnerability in Themify Ultra Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | 8.8 |
| 2023-12-20 | CVE-2023-46147 | Unspecified vulnerability in Themify Ultra Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | 8.8 |
| 2023-06-19 | CVE-2023-2654 | Unspecified vulnerability in Themify Conditional Menus The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
| 2023-05-10 | CVE-2022-32970 | Unspecified vulnerability in Themify Portfolio Post Auth. | 5.4 |
| 2023-02-13 | CVE-2023-0362 | Unspecified vulnerability in Themify Portfolio Post Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2023-01-30 | CVE-2022-4787 | Cross-site Scripting vulnerability in Themify Shortcodes Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 5.4 |