cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13319,https://securityvulnerability.io/vulnerability/CVE-2024-13319,Reflected Cross-Site Scripting Vulnerability in Themify Builder Plugin for WordPress,"The Themify Builder plugin for WordPress is susceptible to a reflected cross-site scripting vulnerability. This flaw arises from using the add_query_arg function without adequate escaping, allowing unauthenticated attackers to craft URLs that can inject arbitrary web scripts. If a user is misled into clicking on a manipulated link, the script will execute in the context of their session, potentially leading to unauthorized actions or data exposure. This vulnerability is present in all versions up to and including 7.6.5.",Wordpress,Themify Builder,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-22T07:29:40.540Z,0
CVE-2024-12414,https://securityvulnerability.io/vulnerability/CVE-2024-12414,A Privileged CSRF Attack on the Themify Store Locator Plugin,"The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the setting_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Themify Store Locator,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-12-13T08:24:48.670Z,0
CVE-2024-9385,https://securityvulnerability.io/vulnerability/CVE-2024-9385,Themify Builder Plugin Vulnerable to Reflected Cross-Site Scripting,"The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Themify Builder,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-05T01:59:41.325Z,0
CVE-2024-7836,https://securityvulnerability.io/vulnerability/CVE-2024-7836,Unauthorized Post Duplication Vulnerability in Themify Builder Plugin,"The Themify Builder plugin for WordPress is susceptible to a security flaw that enables authenticated users, including those with Contributor-level permissions, to duplicate and access posts that should remain private or in draft form. This issue arises due to inadequate verification within the duplicate_page_ajaxify function in all versions up to and including 7.6.1. As a result, users may exploit this vulnerability to gain access to content created by other authors without proper authorization.",Wordpress,Themify Builder,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-22T02:02:03.277Z,0
CVE-2024-6027,https://securityvulnerability.io/vulnerability/CVE-2024-6027,Unauthenticated SQL Injection Vulnerability in Themify WooCommerce Product Filter Plugin,"The article discusses a critical vulnerability, CVE-2024-6027, in the Themify WooCommerce Product Filter plugin for WordPress, allowing for unauthenticated SQL injection attacks. The vulnerability affects all versions up to 1.4.9. The potential impact includes the extraction of sensitive information from the database, and while there are no known exploits or ransomware attacks targeting this vulnerability, it is important for users to update to the latest version to safeguard their systems.",Wordpress,Themify – WooCommerce Product Filter,7.5,HIGH,0.0006000000284984708,false,,true,false,false,,false,false,2024-06-21T09:39:38.125Z,0
CVE-2024-3032,https://securityvulnerability.io/vulnerability/CVE-2024-3032,Themify Builder Plugin Open Redirect Vulnerability,"Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue",Wordpress,Themify Builder,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-06-13T06:00:02.512Z,0
CVE-2024-4567,https://securityvulnerability.io/vulnerability/CVE-2024-4567,Themify Shortcodes Plugin Vulnerable to Stored Cross-Site Scripting,"The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Themify Shortcodes,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:44:00.000Z,0
CVE-2024-2278,https://securityvulnerability.io/vulnerability/CVE-2024-2278,Themify Plugin Vulnerable to Stored Cross-Site Scripting Attacks,"The Themify WordPress plugin versions prior to 1.4.4 exhibit a vulnerability due to inadequate sanitization and escaping of certain Filter settings. This security flaw permits users with elevated privileges, particularly admins, to execute Stored Cross-Site Scripting (XSS) attacks. This can occur even in environments where the unfiltered_html capability is restricted, such as in multisite setups, potentially compromising the integrity of the site.",Wordpress,Themify,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-01T05:15:00.000Z,0
CVE-2024-2263,https://securityvulnerability.io/vulnerability/CVE-2024-2263,Themify Plugin Vulnerable to Reflected Cross-Site Scripting,"Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Themify,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-01T05:15:00.000Z,0
CVE-2024-2262,https://securityvulnerability.io/vulnerability/CVE-2024-2262,Themify Plugin Vulnerable to CSRF Attacks,"Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs",Wordpress,Themify,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-01T05:15:00.000Z,0
CVE-2024-2732,https://securityvulnerability.io/vulnerability/CVE-2024-2732,Themify Shortcodes Plugin Vulnerable to Stored Cross-Site Scripting,"The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Themify Shortcodes,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-26T01:58:54.931Z,0
CVE-2023-0362,https://securityvulnerability.io/vulnerability/CVE-2023-0362,Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS,"Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",Wordpress,Themify Portfolio Post,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-13T15:15:00.000Z,0
CVE-2022-4787,https://securityvulnerability.io/vulnerability/CVE-2022-4787,Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode,"Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.",Wordpress,Themify Shortcodes,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-30T20:31:44.864Z,0
CVE-2022-4464,https://securityvulnerability.io/vulnerability/CVE-2022-4464,Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS,"Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin.",Wordpress,Themify Portfolio Post,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-16T15:37:47.997Z,0
CVE-2022-1532,https://securityvulnerability.io/vulnerability/CVE-2022-1532,Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting,"Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting",Wordpress,Themify – WooCommerce Product Filter,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-06-13T12:41:54.000Z,0
CVE-2022-1047,https://securityvulnerability.io/vulnerability/CVE-2022-1047,Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting,"The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross site scripting vulnerability.",Wordpress,Themify-ptb-search,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-05-09T16:50:44.000Z,0
CVE-2022-0200,https://securityvulnerability.io/vulnerability/CVE-2022-0200,Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting,"Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back in the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting",Wordpress,Themify Portfolio Post,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-02-14T09:21:03.000Z,0
CVE-2021-24129,https://securityvulnerability.io/vulnerability/CVE-2021-24129,Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting,"Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.",Wordpress,Themify Portfolio Post,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2021-03-18T14:57:48.000Z,0