CVE-2022-1532

CVE-2022-1532: Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting

Vendor Unknown

Product Themify – WooCommerce Product Filter

Weakness CWE-79 · XSS

Published June 13, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

June 13, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1532 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-60009 Junos Space: CLI Configlet page is vulnerable to reflected cross-site script injection CVE-2019-25316 GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting CVE-2023-5467 GEO my WordPress <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-8552 atjiu pybbs list cross site scripting CVE-2025-64551 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)