Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting
CVE-2022-1047

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Themify-ptb-search
Vendor
CVE Published:
9 May 2022

What is CVE-2022-1047?

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

themify-ptb-search 1.4.0

References

https://wpscan.com/vulnerability/078bd5f6-64f7-4665-825b-...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kevin BarbĂłn GarcĂ­a
David Álvarez Robles
Francisco DĂ­az-Pache Alonso & Sergio Corral Cristo
JSON
.