Vulnerabilidades en themefic
38 resultadosCVE-2025-6220HIGHUltimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options'EPSS 0.9%CVE-2024-29135CRITICALWordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerabilityEPSS 0.7%CVE-2022-47586HIGHWordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL InjectionEPSS 0.7%CVE-2024-29136HIGHWordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerabilityEPSS 0.6%CVE-2023-30495HIGHWordPress Ultimate Addons for Contact Form 7 Plugin <= 3.1.23 is vulnerable to SQL InjectionEPSS 0.6%CVE-2024-29137HIGHWordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.6%CVE-2025-24650CRITICALWordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2024-12032MEDIUMTourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL InjectionEPSS 0.5%CVE-2023-47693HIGHWordPress Ultimate Addons for Contact Form 7 plugin <= 3.2.6 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2025-47549CRITICALWordPress BEAF plugin <= 4.6.10 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2023-49766HIGHWordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2025-49378HIGHWordPress Hydra Booking plugin <= 1.1.10 - SQL Injection vulnerabilityEPSS 0.4%CVE-2025-47550MEDIUMWordPress Instantio plugin <= 3.3.16 - Arbitrary File Upload VulnerabilityEPSS 0.4%CVE-2024-29134MEDIUMWordPress Tourfic plugin <= 2.11.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-14356MEDIUMUltra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDFEPSS 0.3%CVE-2025-7689HIGHHydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback FunctionEPSS 0.3%CVE-2023-30493HIGHWordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)EPSS 0.3%CVE-2025-24581MEDIUMWordPress Instantio plugin <= 3.3.7 - Settings Change vulnerabilityEPSS 0.3%CVE-2026-39594MEDIUMWordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-68055HIGHWordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerabilityEPSS 0.3%