CVE-2022-32970Cross-site Scripting in Portfolio Post

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
CNA4.1
EPSS
0.1%
top 75.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Themify Portfolio PostThemify Portfolio Post
Timeline
PublishedMay 10
Latest updateJul 6

Description

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5themify/themify_portfolio_postn/a1.2.4

🔴Vulnerability Details

2
GHSA
GHSA-rqg4-rgjf-vh9h: Auth2023-07-06
CVEList
WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)2023-05-10
CVE-2022-32970 — Cross-site Scripting in Portfolio Post | cvebase