CVE-2018-25352

The CVE-2018-25352 entry concerns the WordPress plugin Ultimate Form Builder Lite (version 1.3.7 and earlier). The vulnerability is a SQL injection in the entry_id parameter, exploitable via POST to admin-ajax.php with the ufbl_get_entry_detail_action action. Authenticated attackers can manipulat...

EUVD-2018-21872

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

CVE-2018-25352 WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

WordPress plugin Ultimate Form Builder Lite SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

PT-2026-33046

Name of the Vulnerable Software and Affected Versions Beaver Builder versions prior to 2.10.1.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data directl...

CVE-2026-32395

Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder - Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder - Lite: from n/a through = 1.5.6...

EUVD-2026-11909

Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder Lite: from n/a through = 1.5.6...

CVE-2026-32395

Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through = 1.5.6...

CVE-2026-32395 WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through = 1.5.6...

CVE-2026-32395

The CVE affects WordPress Xpro Addons For Beaver Builder – Lite (xpro-addons-beaver-builder-elementor) with versions up to and including 1.5.6. It describes a Missing Authorization vulnerability that enables Exploiting Incorrectly Configured Access Control Security Levels, i.e., a broken access c...

CVE-2026-32395 WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder Lite: from n/a through = 1.5.6...

PT-2026-25241

Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder Lite: from n/a through = 1.5.6...

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Info Table Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Icons Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Heading Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Separator Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

CVE-2025-69319

CVE-2025-69319 is an authenticated (Contributor+) remote code execution vulnerability in Beaver Builder Page Builder (Beaver Builder Lite) affecting versions up to 2.9.4.1. The issue is described as an arbitrary code execution via code generation/injection. The Wordfence vulnerability report conf...