Medium severity5.4NVD Advisory· Published Feb 14, 2022· Updated Jun 17, 2026
CVE-2022-0200
CVE-2022-0200
Description
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <1.1.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/bbc0b812-7b30-4ab4-bac8-27c706b3f146nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.