Themelooks Mfolio Lite vulnerabilities
2 known vulnerabilities affecting themelooks/mfolio_lite.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2024-9307 | P2 | HIGH | CVSS 8.8 | ≤ 1.2.1 | 2024-11-06
CVE-2024-9307 [HIGH] CWE-434 CVE-2024-9307: The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check
The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file or upload arbitrary EXE
nvd
CVE-2025-31847 | P4 | MEDIUM | CVSS 6.5 | ≤ 1.2.3 | 2025-04-01
CVE-2025-31847 [MEDIUM] CWE-79 CVE-2025-31847: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelooks mFolio Lite mfolio-lite allows DOM-Based XSS. This issue affects mFolio Lite: from n/a through <= 1.2.3.
nvd