Vulnerability Details CVE-2022-0200
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2022-0200
-
cpe:2.3:a:themify:portfolio_post:-
-
cpe:2.3:a:themify:portfolio_post:1.1.6