Vulnerabilities
Vulnerable Software
Themify:  Security Vulnerabilities
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.
CVSS Score
9.8
EPSS Score
0.028
Published
2021-06-17
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-18


Contact Us

Shodan ® - All rights reserved