Lucene search
K

2413 matches found

NVD
NVD
added 9 hours ago4 views

CVE-2026-57780

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through = 0.22...

6.5CVSS
Exploits0References1
CVE
CVE
added 10 hours ago11 views

CVE-2026-57780

Technical details are not publicly provided in the connected documents. The description notes a DOM-based XSS in Envision Page Builder

6.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 10 hours ago4 views

CVE-2026-57780 WordPress Envision Page Builder plugin <= 0.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through = 0.22...

6.5CVSS
Exploits0References1
Nuclei
Nuclei
added 14 hours ago152 views

Kubio AI Page Builder <= 2.5.1 - Local File Inclusion

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8CVSS7.5AI score0.76761EPSS
Exploits12References3
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15286 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'getitemspermissioncheck' function permission callback of the...

4.3CVSS0.00268EPSS
Exploits0References4
NVD
NVD
added 5 days ago7 views

CVE-2026-6740

The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00156EPSS
Exploits0References2
The Hacker News
The Hacker News
added 5 days ago13 views

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 CVSS score: 10.0 - A path traversal vulnerability i...

10CVSS8.2AI score0.28583EPSS
Exploits15
NVD
NVD
added 2026/07/02 12:17 p.m.11 views

CVE-2026-57754

Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...

6.5CVSS0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 12:9 p.m.5 views

WordPress Envision Page Builder plugin <= 0.22 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Envision Page Builder versions = 0.22...

6.5CVSS5.9AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57754 WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...

6.5CVSS0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 8:53 a.m.8 views

WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/07/02 8:33 a.m.6 views

EUVD-2026-41267

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.11. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS5.9AI score0.00283EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55042

Name of the Vulnerable Software and Affected Versions Livemesh Addons for WPBakery Page Builder versions prior to 3.9.5 Description Cross Site Scripting XSS allows an attacker with contributor privileges to execute malicious scripts in the browser of other users. This occurs when the application...

6.5CVSS6AI score0.00139EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:43 a.m.7 views

CVE-2026-12902

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References11
NVD
NVD
added 2026/06/29 3:16 p.m.10 views

CVE-2026-57337

Unauthenticated Cross Site Scripting XSS in Landing Page Builder = 1.5.3.5 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 3:16 p.m.10 views

CVE-2026-56290

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS0.02912EPSS
Exploits4References4
Vulnrichment
Vulnrichment
added 2026/06/29 2:31 p.m.9 views

CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS5.8AI score0.02912EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 2:31 p.m.8 views

CVE-2026-56290

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS5.8AI score0.02912EPSS
Exploits4References2Affected Software1
EUVD
EUVD
added 2026/06/29 2:31 p.m.9 views

EUVD-2026-40121

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS5.8AI score0.02912EPSS
Exploits4References1
CVE
CVE
added 2026/06/29 2:31 p.m.294 views

CVE-2026-56290

CVE-2026-56290 affects Joomla Page Builder CK (com_pagebuilderck). The root cause is an unauthenticated file upload path via browse.ajaxAddPicture that accepts a user-controlled destination with only trivial sanitization and no authentication gate, enabling an attacker to upload PHP/executable fi...

10CVSS5.8AI score0.02912EPSS
In wildExploits4References4Affected Software1
Rows per page
Query Builder