Builder
CVE-2025-67231
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
AnalysisAI
A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. [CVSS 5.9 MEDIUM]
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Builder. A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, le
ToDesktop Builder v0.32.1 has an improper certificate validation vulnerability allowing man-in-the-middle attackers to i
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with rendere
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg
Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.0.5. Rated medium severity (CVSS 4.3), this v
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the dup
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today