229 matches found
CVE-2024-3340 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-3340
The CVE-2024-3340 issue affects Colibri Page Builder for WordPress. It enables Stored XSS via the colibri-gallery-slideshow shortcode in all versions up to 1.0.272 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated access at...
CVE-2024-3337 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibribreadcrumbelement' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-3337
CVE-2024-3337 affects the Colibri Page Builder for WordPress. The vulnerability is a Stored XSS via the shortcode colibri_breadcrumb_element, present in all versions up to and including 1.0.272, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitatio...
CVE-2024-3338
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...
CVE-2024-3338 Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...
CVE-2024-3338
The CVE-2024-3338 entry concerns Colibri Page Builder for WordPress. It enables Stored Cross-Site Scripting via the image alt data parameter in all versions up to 1.0.262 due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access and above can inj...
WordPress plugin Colibri Page Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Colibri Page Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-25232 · WordPress · Colibri Page Builder
Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.272 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode due to insufficient input sanitization an...
PT-2024-25218 · WordPress · Colibri Page Builder
Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.272 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'colibri breadcrumb element' shortcode due to insufficient input sanitization a...
PT-2024-25224 · WordPress · Colibri Page Builder
Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.262 Description: The issue is related to Stored Cross-Site Scripting via the image alt data parameter due to insufficient input sanitization and output escaping. Thi...
WordPress plugin Colibri Page Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-33686
Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea...
CVE-2024-33686
CVE-2024-33686 is a Missing Authorization vulnerability affecting multiple Extend Themes products (Pathway until 1.0.15; Hugo WP until 1.0.8; Althea WP until 1.0.13; Elevate WP until 1.0.15; Brite until 1.0.11; Colibri WP until 1.0.94; Vertice until 1.0.7). The CVE has a CVSSv3.1 base score of 4....
PT-2024-25441 · Extend Themes · Extend Themes Colibri Wp +6
Name of the Vulnerable Software and Affected Versions: Extend Themes Pathway versions 1.0.15 and earlier Extend Themes Hugo WP versions 1.0.8 and earlier Extend Themes Althea WP versions 1.0.13 and earlier Extend Themes Elevate WP versions 1.0.15 and earlier Extend Themes Brite versions 1.0.11 an...
WordPress Colibri WP theme <= 1.0.94 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Colibri WP versions = 1.0.94...
WordPress Colibri WP Theme <= 1.0.94 is vulnerable to Broken Access Control
Software Colibri WP Type Theme Vulnerable versions = 1.0.94 Fixed in 1.0.99 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c282bc3a34b4 Credits Dhabaleshwar Das Required privile...
WordPress Colibri Page Builder plugin <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Colibri Page Builder versions = 1.0.262...
WordPress Colibri Page Builder plugin <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Colibri Page Builder versions = 1.0.272...