Vulnerabilities in Themify
15 resultsCVE-2023-46149CRITICALWordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2023-46145HIGHWordPress Themify Ultra theme <= 7.3.5 - Authenticated Privilege Escalation vulnerabilityEPSS 0.6%CVE-2023-46147HIGHWordPress Themify Ultra Theme <= 7.3.5 is vulnerable to PHP Object InjectionEPSS 0.5%CVE-2024-31366HIGHWordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerabilityEPSS 0.5%CVE-2023-46148HIGHWordPress Themify Ultra theme <= 7.3.5 - Authenticated Arbitrary Settings Change vulnerabilityEPSS 0.4%CVE-2025-30996CRITICALArbitrary File Upload Vulnerability in WordPress themes by ThemifyEPSS 0.4%CVE-2023-46146HIGHWordPress Themify Ultra theme <= 7.3.5 - Multiple Broken Access Control vulnerabilityEPSS 0.4%CVE-2022-32970MEDIUMWordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2024-30440MEDIUMWordPress Themify Event Post plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2024-31365HIGHWordPress Post Type Builder (PTB) plugin < 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2025-31047HIGHWordPress Themify Edmin theme <= 2.0.0 - PHP Object Injection VulnerabilityEPSS 0.3%CVE-2025-31048CRITICALWordPress Shopo <= 1.1.4 - Arbitrary File Upload VulnerabilityEPSS 0.3%CVE-2024-43133MEDIUMWordPress Themify Shortcodes plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-24872MEDIUMWordPress Themify Builder Plugin <= 7.0.5 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-31013HIGHWordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%