CVE-2022-0200

CVE-2022-0200: Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting

Vendor Unknown
Product Themify Portfolio Post
Weakness CWE-79 · XSS
Published February 14, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

February 14, 2022 CVE published
August 2, 2024 Record updated