CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30831 – WordPress Themify Event Post Plugin <= 1.3.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-30831
27 Mar 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themifyme Themify Event Post allows PHP Local File Inclusion. This issue affects Themify Event Post: from n/a through 1.3.2. The Themify Event Post plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the serv... • https://patchstack.com/database/wordpress/plugin/themify-event-post/vulnerability/wordpress-themify-event-post-plugin-1-3-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30832 – WordPress Themify Event Post Plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-30832
27 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post allows DOM-Based XSS. This issue affects Themify Event Post: from n/a through 1.3.2. The Themify Event Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbi... • https://patchstack.com/database/wordpress/plugin/themify-event-post/vulnerability/wordpress-themify-event-post-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56239 – WordPress Themify Audio Dock plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56239
30 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Audio Dock allows Stored XSS.This issue affects Themify Audio Dock: from n/a through 2.0.4. The Themify Audio Dock plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary ... • https://patchstack.com/database/wordpress/plugin/themify-audio-dock/vulnerability/wordpress-themify-audio-dock-plugin-2-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56216 – WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-56216
19 Dec 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3. Vulnerabilidad de control inadecuado del nombre de archivo para la declaración Include/Require en el programa PHP ('Inclusión de archivo remoto PHP') en Themify Themify Builder permite la inclusión de archivos locales PHP. Este problema afecta a Themify Builder: desde n/a ha... • https://patchstack.com/database/wordpress/plugin/themify-builder/vulnerability/wordpress-themify-builder-plugin-7-6-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52423 – WordPress Themify Builder plugin <= 7.6.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-52423
13 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS.This issue affects Themify Builder: from n/a through 7.6.3. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Themify Themify Builder permite XSS almacenado. Este problema afecta a Themify Builder: desde n/a hasta 7.6.3. The Themify Builder plugin for WordPress is vulnerable to Sto... • https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44046 – WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-44046
23 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify – WooCommerce Product Filter allows Stored XSS.This issue affects Themify – WooCommerce Product Filter: from n/a through 1.5.1. The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, ... • https://patchstack.com/database/vulnerability/themify-wc-product-filter/wordpress-themify-plugin-1-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43133 – WordPress Themify Shortcodes plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43133
07 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1. The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the plugin's shortcode in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/vulnerability/themify-shortcodes/wordpress-themify-shortcodes-plugin-2-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-6027 – Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter
https://notcve.org/view.php?id=CVE-2024-6027
20 Jun 2024 — The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. El complemento Themify – W... • https://plugins.trac.wordpress.org/browser/themify-wc-product-filter/trunk/public/class-wpf-public.php#L604 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31365 – WordPress Post Type Builder (PTB) plugin < 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31365
09 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a before 2.1.1. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Themify Post Type Builder (PTB) permite el XSS reflejado. Este problema afecta al Post Type Builder (PTB): desde n/a antes de 2.1.1. The Post Type Builder (PTB) plu... • https://patchstack.com/database/vulnerability/themify-ptb/wordpress-post-type-builder-ptb-plugin-2-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31366 – WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability
https://notcve.org/view.php?id=CVE-2024-31366
09 Apr 2024 — Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8. The Post Type Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts. • https://patchstack.com/database/vulnerability/themify-ptb/wordpress-post-type-builder-ptb-plugin-2-0-8-subscriber-arbitrary-post-page-creation-vulnerability?_s_id=cve • CWE-862: Missing Authorization •