Lucene search
+L

229 matches found

Patchstack
Patchstack
added 2024/04/23 12:0 a.m.12 views

WordPress Colibri Page Builder Plugin <= 1.0.272 is vulnerable to Cross Site Scripting (XSS)

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.272 Fixed in 1.0.274 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3340 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 39692f6fa930 Credits Ngô Thiên An...

5.4CVSS5.8AI score0.00449EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/23 12:0 a.m.12 views

WordPress Colibri Page Builder Plugin <= 1.0.262 is vulnerable to Cross Site Scripting (XSS)

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.262 Fixed in 1.0.264 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3338 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 41440fdca449 Credits stealthcopter...

5.4CVSS5.8AI score0.00424EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.15 views

Colibri Page Builder < 1.0.272 - Contributor+ Stored Cross-Site Scripting

Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4CVSS5.9AI score0.00449EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.19 views

Colibri Page Builder < 1.0.264 - Author+ Stored Cross-Site Scripting

Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00424EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.11 views

Colibri Page Builder < 1.0.272 - Contributor+ Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode

Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibribreadcrumbelement' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.9AI score0.00423EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/02 7:16 a.m.16 views

CVE-2024-2839

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibriposttitle' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'headingtype'. This...

6.4CVSS5.7AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2024/04/02 7:16 a.m.3 views

CVE-2024-2839

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibriposttitle' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'headingtype'. This...

5.4CVSS5.9AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/02 6:47 a.m.16 views

CVE-2024-2839 Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibriposttitle' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'headingtype'. This...

6.4CVSS7.4AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/02 6:47 a.m.26 views

CVE-2024-2839 Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibriposttitle' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'headingtype'. This...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/02 2:4 a.m.6 views

WordPress Colibri Page Builder plugin <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn - VNPT-VCI Dau Hoang Tai - VCI in WordPress Plugin Colibri Page Builder versions = 1.0.263...

6.4CVSS5.6AI score0.00323EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/02 12:0 a.m.12 views

WordPress Colibri Page Builder Plugin <= 1.0.263 is vulnerable to Cross Site Scripting (XSS)

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.263 Fixed in 1.0.270 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2839 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9a9fcc6408b7 Credits Ngô Thiên An...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.5 views

PT-2024-22409 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.263 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, such as heading type, in the plugin's 'colibr...

6.4CVSS9.3AI score0.00323EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.4 views

WordPress Plugin Colibri Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS7.7AI score0.00323EPSS
Exploits0References3
OSV
OSV
added 2024/03/28 6:15 a.m.7 views

CVE-2024-28004

Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References1
NVD
NVD
added 2024/03/28 6:15 a.m.16 views

CVE-2024-28004

Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248...

5.4CVSS5.5AI score0.00358EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/28 5:51 a.m.10 views

CVE-2024-28004 WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248...

5.4CVSS7AI score0.00358EPSS
Exploits0References1
CVE
CVE
added 2024/03/28 5:51 a.m.73 views

CVE-2024-28004

Summary of CVE-2024-28004 (WordPress Colibri Page Builder): The vulnerability is a Missing Authorization flaw in ExtendThemes Colibri Page Builder (versions up to and including 1.0.248). The root cause is an unauthorized modification risk due to a missing capability check on the wp_ajax_colibri_p...

5.4CVSS5.2AI score0.00358EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/03/28 5:51 a.m.26 views

CVE-2024-28004 WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248...

5.4CVSS5.8AI score0.00358EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/28 12:0 a.m.5 views

WordPress Plugin Colibri Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6.1AI score0.00358EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.7 views

PT-2024-22200 · Extend Themes · Extendthemes Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: ExtendThemes Colibri Page Builder versions 1.0.248 and earlier Description: The issue is related to a Missing Authorization vulnerability in ExtendThemes Colibri Page Builder. Recommendations: For versions 1.0.248 and earlier, update to a...

5.4CVSS6.8AI score0.00358EPSS
Exploits0References5
Rows per page
Query Builder