Skip to main content

Builder

7 CVEs product

Monthly

CVE-2025-67231 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. [CVSS 5.9 MEDIUM]

XSS Builder
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-67230 HIGH This Week

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation. [CVSS 7.1 HIGH]

Privilege Escalation Builder
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-67229 CRITICAL Act Now

ToDesktop Builder v0.32.1 has an improper certificate validation vulnerability allowing man-in-the-middle attackers to inject malicious code into desktop application builds.

Authentication Bypass Builder
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-9385 MEDIUM PATCH This Month

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Builder
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-7836 MEDIUM This Month

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Builder
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-3032 MEDIUM POC This Month

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-24872 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Builder
NVD
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. [CVSS 5.9 MEDIUM]

XSS Builder
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation. [CVSS 7.1 HIGH]

Privilege Escalation Builder
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

ToDesktop Builder v0.32.1 has an improper certificate validation vulnerability allowing man-in-the-middle attackers to inject malicious code into desktop application builds.

Authentication Bypass Builder
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Builder
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Builder
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Builder
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy