Themifyme Themify Builder vulnerabilities
7 known vulnerabilities affecting themifyme/themify_builder.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
MEDIUM: 7
Vulnerabilities
CVE-2024-56216 | P3 | MEDIUM | CVSS 6.5 | CWE-98 | ≤ 7.6.3 | 2024-12-31
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themifyme Themify Builder themify-builder allows PHP Local File Inclusion. This issue affects Themify Builder: from n/a through <= 7.6.3.
nvd
CVE-2025-9353 | P4 | MEDIUM | CVSS 6.4 | CWE-79 | ≤ 7.6.9 | 2025-09-24
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that wi
nvd
CVE-2024-52423 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 7.6.5 | 2024-11-18
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Builder themify-builder allows Stored XSS. This issue affects Themify Builder: from n/a through <= 7.6.5.
nvd
CVE-2024-9385 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.6.2 | 2024-10-05
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into
nvd
CVE-2024-13319 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.6.5 | 2025-01-22
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user in
nvd
CVE-2024-7836 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | ≤ 7.6.1 | 2024-08-22
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate and view private or draft posts created by other user
nvd
CVE-2025-49396 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | ≤ 7.6.7 | 2025-08-20
Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Themify Builder: from n/a through <= 7.6.7.
nvd