Themify Shortcodes

By the Year

In 2026 there have been 0 vulnerabilities in Themify Shortcodes. Last year, in 2025, Themify Shortcodes had 1 security vulnerability published. Right now, Themify Shortcodes is on track to have fewer security vulnerabilities in 2026 than it did last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0               | 0.00          |
| 2025 | 1               | 0.00          |
| 2024 | 3               | 5.73          |
| 2023 | 1               | 5.40          |

It may take a day or so for new Themify Shortcodes vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Themify Shortcodes Security Vulnerabilities

Stored XSS in Themify Shortcodes <= 2.1.3
CVE-2025-39581 - April 16, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.3.

XSS

Themify Shortcodes XSS in Shortcodes before 2.1.2
CVE-2024-43133 5.4 - Medium - August 12, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.1.

XSS

Themify Shortcodes <=2.0.9 Stored XSS via themify_button
CVE-2024-4567 6.4 - Medium - May 14, 2024

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

Stored XSS in Themify Shortcodes <=2.0.8 via themify_post_slider shortcode
CVE-2024-2732 5.4 - Medium - March 26, 2024

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

Themify Shortcodes WP Plugin XSS via Unvalidated Shortcode Attribute (2.0.8)
CVE-2022-4787 5.4 - Medium - January 30, 2023

The Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

XSS
