Vulnerabilities > Themify > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-22 CVE-2024-13319 Cross-site Scripting vulnerability in Themify Builder
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.5.
network
low complexity
themify CWE-79
6.1
2024-12-31 CVE-2024-56216 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Themify Builder
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion. This issue affects Themify Builder: from n/a through 7.6.3.
network
low complexity
themify CWE-829
6.5
2024-11-18 CVE-2024-52423 Cross-site Scripting vulnerability in Themify Builder
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS. This issue affects Themify Builder: from n/a through 7.6.3.
network
low complexity
themify CWE-79
5.4
2024-10-05 CVE-2024-9385 Cross-site Scripting vulnerability in Themify Builder
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2.
network
low complexity
themify CWE-79
6.1
2024-08-22 CVE-2024-7836 Incorrect Authorization vulnerability in Themify Builder
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1.
network
low complexity
themify CWE-863
4.3
2024-06-13 CVE-2024-3032 Open Redirect vulnerability in Themify Builder
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue.
network
low complexity
themify CWE-601
6.1
2024-02-01 CVE-2023-51693 Unspecified vulnerability in Themify Icons
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through 2.0.1.
network
low complexity
themify
5.4
2023-06-19 CVE-2023-2654 Unspecified vulnerability in Themify Conditional Menus
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admins.
network
low complexity
themify
6.1
2023-05-10 CVE-2022-32970 Unspecified vulnerability in Themify Portfolio Post
Auth.
network
low complexity
themify
5.4
2023-02-13 CVE-2023-0362 Unspecified vulnerability in Themify Portfolio Post
Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
themify
5.4