2381 matches found
CVE-2026-48908
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...
CVE-2026-48908
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...
CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...
EUVD-2026-38110
A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code upload and execution...
CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...
CVE-2026-48908
SP Page Builder for Joomla (joomshaper.com) is affected by CVE-2026-48908. Versions prior to 6.6.12 allow unauthenticated users to upload arbitrary files, enabling PHP code upload and execution. This vulnerability can impact confidentiality, integrity, and availability of the affected site. The C...
PT-2026-51135
Name of the Vulnerable Software and Affected Versions SP Page Builder for Joomla affected versions not specified Description An issue allows unauthenticated users to upload arbitrary files, which can lead to the upload and execution of PHP code. Recommendations At the moment, there is no...
Kubio AI Page Builder <= 2.5.1 - Local File Inclusion
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
EUVD-2026-37610
Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...
CVE-2026-45436
Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...
CVE-2026-45436
CVE-2026-45436 affects WordPress WPBakery Page Builder plugin for WordPress, specifically versions
CVE-2026-45436 WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...
CVE-2026-2470
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...
CVE-2026-3297
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2026-3297 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
EUVD-2026-36646
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2026-3297
The CVE-2026-3297 entry concerns the Page Builder: Pagelayer (WordPress) plugin. Affected version: up to and including 2.0.9. Vulnerability type: Stored Cross-Site Scripting via the Anchor block due to insufficient input sanitization and output escaping. Exploitation requires authenticated access...
CVE-2026-3297 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2026-3694
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the btbbbutton shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-2951
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...