Stored Cross-Site Scripting Vulnerability in Themify Builder Plugin for WordPress
CVE-2026-15097
6.4MEDIUM
What is CVE-2026-15097?
The Themify Builder plugin for WordPress may allow authenticated attackers with contributor-level access and above to exploit insufficient input sanitization and output escaping in the 'height_slider' Slider Module Field. This can lead to the injection of arbitrary web scripts into web pages, which would execute when users access the compromised pages, posing a significant risk to site security and user trust.
Affected Version(s)
Themify Builder 0 <= 7.7.6