Which Themify Portfolio Post CVEs are tracked?

Themify Portfolio Post tracked CVEs include CVE-2025-67533, CVE-2023-0362, CVE-2022-4464, CVE-2022-32970, and CVE-2022-0200.

How many Themify Portfolio Post vulnerabilities have patch guidance?

6 of 6 tracked Themify Portfolio Post records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 6 known issues Latest disclosed Dec 15, 2025

Themify Portfolio Post Vulnerabilities

Review known vulnerability records for the WordPress plugin Themify Portfolio Post (`themify-portfolio-post`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-67533, CVE-2022-32970 and CVE-2023-0362, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Dec 19, 2025

Priority CVE Quick Links

Fast paths into Themify Portfolio Post CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2025-67533 Medium 1.3.1

CVE-2025-67533 Themify Portfolio Post Stored Cross-Site Scripting

Themify Portfolio Post <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting

CVE-2023-0362 Medium 1.2.2

CVE-2023-0362 Themify Portfolio Post Stored Cross-Site Scripting

Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE-2022-4464 Medium 1.2.1

CVE-2022-4464 Themify Portfolio Post Stored Cross-Site Scripting

Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE-2022-32970 Medium 1.2.5

CVE-2022-32970 Themify Portfolio Post Stored Cross-Site Scripting

Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting

CVE-2022-0200 Medium 1.1.7

CVE-2022-0200 Themify Portfolio Post Cross-Site Scripting

Themify Portfolio Post <= 1.1.6 - Reflected Cross-Site Scripting

CVE-2021-24129 Medium 1.1.6

CVE-2021-24129 Themify Portfolio Post Stored Cross-Site Scripting

Themify Portfolio Post <= 1.1.5 - Authenticated Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Themify Portfolio Post so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

6 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 0 high severity findings.

Recent CVEs

CVE-2025-67533, CVE-2022-32970 and CVE-2023-0362

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-67533 Medium Patch path listed

CVE-2025-67533: Themify Portfolio Post <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escapin...

Published

Dec 15, 2025

Patch Status

1.3.1

Open CVE-2025-67533 Report

CVE-2022-32970 Medium Patch path listed

CVE-2022-32970: Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting

The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escapin...

Published

Apr 18, 2023

Patch Status

1.2.5

Open CVE-2022-32970 Report

CVE-2023-0362 Medium Patch path listed

CVE-2023-0362: Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.1 due to insufficient input s...

Published

Jan 19, 2023

Patch Status

1.2.2

Open CVE-2023-0362 Report

Known Vulnerabilities

Reports for Themify Portfolio Post

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-67533

CVE-2025-67533: Themify Portfolio Post <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above,...

Published

Dec 15, 2025

Patched Release

1.3.1

Affected Versions

Versions up to 1.3.0

Next Step

Update to 1.3.1 or newer if supported.

Open CVE-2025-67533 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-32970

CVE-2022-32970: Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting

The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

Published

Apr 18, 2023

Patched Release

1.2.5

Affected Versions

Versions up to 1.2.4

Next Step

Update to 1.2.5 or newer if supported.

Open CVE-2022-32970 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-0362

CVE-2023-0362: Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for au...

Published

Jan 19, 2023

Patched Release

1.2.2

Affected Versions

Versions up to 1.2.1

Next Step

Update to 1.2.2 or newer if supported.

Open CVE-2023-0362 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-4464

CVE-2022-4464: Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for auth...

Published

Dec 23, 2022

Patched Release

1.2.1

Affected Versions

Versions up to 1.2.0

Next Step

Update to 1.2.1 or newer if supported.

Open CVE-2022-4464 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-0200

CVE-2022-0200: Themify Portfolio Post <= 1.1.6 - Reflected Cross-Site Scripting

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scr...

Published

Jan 14, 2022

Patched Release

1.1.7

Affected Versions

Versions up to 1.1.6

Next Step

Update to 1.1.7 or newer if supported.

Open CVE-2022-0200 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2021-24129

CVE-2021-24129: Themify Portfolio Post <= 1.1.5 - Authenticated Stored Cross-Site Scripting

Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where t...

Published

Dec 04, 2020

Patched Release

1.1.6

Affected Versions

Versions up to 1.1.5

Next Step

Update to 1.1.6 or newer if supported.

Open CVE-2021-24129 Report Open CVE Reference