Lucene search
K

229 matches found

Cvelist
Cvelist
added 2024/05/02 4:52 p.m.24 views

CVE-2024-3340 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.2AI score0.00449EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:52 p.m.54 views

CVE-2024-3340

The CVE-2024-3340 issue affects Colibri Page Builder for WordPress. It enables Stored XSS via the colibri-gallery-slideshow shortcode in all versions up to 1.0.272 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated access at...

5.4CVSS5.7AI score0.00449EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.16 views

CVE-2024-3337 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibribreadcrumbelement' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6.1AI score0.00423EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:52 p.m.59 views

CVE-2024-3337

CVE-2024-3337 affects the Colibri Page Builder for WordPress. The vulnerability is a Stored XSS via the shortcode colibri_breadcrumb_element, present in all versions up to and including 1.0.272, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitatio...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/02 4:51 p.m.12 views

CVE-2024-3338

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...

4.4CVSS5.8AI score0.00424EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/02 4:51 p.m.27 views

CVE-2024-3338 Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...

4.4CVSS4.5AI score0.00424EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:51 p.m.60 views

CVE-2024-3338

The CVE-2024-3338 entry concerns Colibri Page Builder for WordPress. It enables Stored Cross-Site Scripting via the image alt data parameter in all versions up to 1.0.262 due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access and above can inj...

5.4CVSS5.7AI score0.00424EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.8 views

WordPress plugin Colibri Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS5.9AI score0.00423EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.3 views

WordPress plugin Colibri Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6AI score0.00424EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.5 views

PT-2024-25232 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.272 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode due to insufficient input sanitization an...

5.4CVSS5.9AI score0.00449EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.3 views

PT-2024-25218 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.272 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'colibri breadcrumb element' shortcode due to insufficient input sanitization a...

6.4CVSS5.9AI score0.00423EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-25224 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.262 Description: The issue is related to Stored Cross-Site Scripting via the image alt data parameter due to insufficient input sanitization and output escaping. Thi...

5.4CVSS5.9AI score0.00424EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.6 views

WordPress plugin Colibri Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS5.8AI score0.00449EPSS
Exploits0References3
NVD
NVD
added 2024/04/29 6:15 a.m.18 views

CVE-2024-33686

Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea...

4.3CVSS4.7AI score0.00507EPSS
Exploits0References7
CVE
CVE
added 2024/04/29 5:56 a.m.59 views

CVE-2024-33686

CVE-2024-33686 is a Missing Authorization vulnerability affecting multiple Extend Themes products (Pathway until 1.0.15; Hugo WP until 1.0.8; Althea WP until 1.0.13; Elevate WP until 1.0.15; Brite until 1.0.11; Colibri WP until 1.0.94; Vertice until 1.0.7). The CVE has a CVSSv3.1 base score of 4....

4.3CVSS5.1AI score0.00507EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/04/28 12:0 a.m.4 views

PT-2024-25441 · Extend Themes · Extend Themes Colibri Wp +6

Name of the Vulnerable Software and Affected Versions: Extend Themes Pathway versions 1.0.15 and earlier Extend Themes Hugo WP versions 1.0.8 and earlier Extend Themes Althea WP versions 1.0.13 and earlier Extend Themes Elevate WP versions 1.0.15 and earlier Extend Themes Brite versions 1.0.11 an...

4.3CVSS6.7AI score0.00507EPSS
Exploits0References10
Patchstack
Patchstack
added 2024/04/26 9:58 a.m.4 views

WordPress Colibri WP theme <= 1.0.94 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Colibri WP versions = 1.0.94...

4.3CVSS7AI score0.00507EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/26 12:0 a.m.12 views

WordPress Colibri WP Theme <= 1.0.94 is vulnerable to Broken Access Control

Software Colibri WP Type Theme Vulnerable versions = 1.0.94 Fixed in 1.0.99 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c282bc3a34b4 Credits Dhabaleshwar Das Required privile...

4.3CVSS4.4AI score0.00507EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/04/23 2:54 a.m.5 views

WordPress Colibri Page Builder plugin <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Colibri Page Builder versions = 1.0.262...

5.4CVSS5.5AI score0.00424EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/23 2:52 a.m.4 views

WordPress Colibri Page Builder plugin <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Colibri Page Builder versions = 1.0.272...

5.4CVSS5.5AI score0.00449EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder