CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0362

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.4%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2023-0362

Themify » Portfolio Post » Version: N/A

cpe:2.3:a:themify:portfolio_post:-
Themify » Portfolio Post » Version: 1.1.6

cpe:2.3:a:themify:portfolio_post:1.1.6
Themify » Portfolio Post » Version: 1.1.7

cpe:2.3:a:themify:portfolio_post:1.1.7
Themify » Portfolio Post » Version: 1.1.8

cpe:2.3:a:themify:portfolio_post:1.1.8
Themify » Portfolio Post » Version: 1.1.9

cpe:2.3:a:themify:portfolio_post:1.1.9
Themify » Portfolio Post » Version: 1.2.0

cpe:2.3:a:themify:portfolio_post:1.2.0
Themify » Portfolio Post » Version: 1.2.1

cpe:2.3:a:themify:portfolio_post:1.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0362

Products

Pricing

Contact Us