Approved changes feed: RSS · Atom
cpe:2.3:a:themefic:tourfic:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Themefic (69fae1e1-81cb-5dd5-92a6-9e186c18d282) |
|---|---|
| Product | Tourfic (55446f20-d3fc-55e6-845e-40aef2398dfe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/themefic-team/tourfic |
purl2cpe | 2026-06-01 10:11:22.773905 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-39543 |
vulnerable | 2026-06-08 08:01:16.632391 |
WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4.
Published: 2026-04-08T08:30:17.808Z
Updated: 2026-04-29T09:52:02.060Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24650 |
vulnerable | 2026-06-08 07:12:49.663543 |
WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability
CRITICAL (9.1)
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic allows Upload a Web Shell to a Web Server.This issue affects Tourfic: from n/a through <= 2.15.3.
Published: 2025-01-24T17:24:41.337Z
Updated: 2026-04-28T16:11:31.284Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29137 |
vulnerable | 2026-06-08 06:33:28.816120 |
WordPress Tourfic plugin <= 2.11.7 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.7.
Published: 2024-03-19T13:44:56.906Z
Updated: 2026-04-28T16:09:17.757Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29136 |
vulnerable | 2026-06-08 06:33:28.815718 |
WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability
HIGH (8.5)
Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.17.
Published: 2024-03-19T13:48:09.169Z
Updated: 2026-05-11T20:54:57.228Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29135 |
vulnerable | 2026-06-08 06:33:28.815147 |
WordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerability
CRITICAL (9.9)
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.15.
Published: 2024-03-19T13:51:00.566Z
Updated: 2026-04-29T09:51:52.780Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29134 |
vulnerable | 2026-06-08 06:33:28.813803 |
WordPress Tourfic plugin <= 2.11.8 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.8.
Published: 2024-03-19T13:52:39.138Z
Updated: 2026-05-11T20:55:09.173Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.