cleantalk
Vulnerabilities and Security Researches

Themify Builder, 6698970fb3222b076e45d37df7e3fb6bdae4fb73

CVE, Research URL

6698970fb3222b076e45d37df7e3fb6bdae4fb73

Home page URL

Security reports for Themify Builder

Application

Themify Builder

Published on
Oct 04, 2021
Research Description
Themify Builder [themify-builder] < 5.3.2 Themify Builder <= 5.3.1 - Reflected Cross-Site Scripting The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the multiple parameters in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 5.3.2.
Status
vulnerable
Previous vulnerability researches
Themify Builder (CVE-2024-52423) , Nov 16, 2024
Themify Builder (CVE-2024-9385) , Oct 06, 2024
Themify Builder (CVE-2024-7836) , Aug 22, 2024
Themify Builder (CVE-2024-13319) , Jan 23, 2025
Themify Builder (CVE-2024-3032) , Jun 15, 2024
New vulnerability
Popup for CF7 with Sweet Alert (CVE-2025-48363) , Aug 23, 2025
WPPizza &#8211; A Restaurant Plugin (CVE-2025-57894) , Aug 23, 2025
ShortcodeHub &#8211; MultiPurpose Shortcode Builder (CVE-2025-7957) , Aug 23, 2025
Simple Login Log (CVE-2025-49438) , Aug 23, 2025
SensorPress (CVE-2025-49409) , Aug 23, 2025