cvebase

Themify Builder vulnerabilities

6 known vulnerabilities affecting themify/builder.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 5

Vulnerabilities

CVE-2024-3032 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 7.5.8 | 2024-06-13
CWE-601: Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue.
nvd
CVE-2024-56216 | P3 | MEDIUM | CVSS 6.5 | ≤ 7.6.3 | 2024-12-31
CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themifyme Themify Builder themify-builder allows PHP Local File Inclusion. This issue affects Themify Builder: from n/a through <= 7.6.3.
nvd
CVE-2024-24872 | P3 | HIGH | CVSS 8.8 | fixed in 7.0.6 | 2024-02-21
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder. This issue affects Themify Builder: from n/a through 7.0.5.
nvd
CVE-2024-52423 | P4 | MEDIUM | CVSS 5.4 | ≤ 7.6.3 | 2024-11-18
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Stored XSS. This issue affects Themify Builder: from n/a through <= 7.6.5.
nvd
CVE-2024-9385 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.6.3 | 2024-10-05
CWE-79: The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into
nvd
CVE-2024-7836 | P4 | MEDIUM | CVSS 4.3 | fixed in 7.6.2 | 2024-08-22
CWE-863: The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate and view private or draft posts created by other user
nvd