CVE-2022-0176

The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2024-2289

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2024-36644

Malicious code in bioql PyPI...

EUVD-2022-15383

Malicious code in bioql PyPI...

EUVD-2024-36643

Malicious code in bioql PyPI...

EUVD-2024-50706

Malicious code in bioql PyPI...

EUVD-2024-27244

Malicious code in bioql PyPI...

CVE-2025-8388

The CVE-2025-8388 vulnerability affects PowerPack Lite for Elementor (PowerPack Addons) up to version 2.9.4, allowing Stored XSS via the cursor_url parameter for authenticated (Contributor+) users; update to a version later than 2.9.4 to patch."

CVE-2025-8388 PowerPack Lite for Elementor <= 2.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Via 'cursor_url'

The PowerPack Elementor Addons Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursorurl’ parameter in all versions up to, and including, 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-8388 PowerPack Lite for Elementor <= 2.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting Via 'cursor_url'

The PowerPack Elementor Addons Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursorurl’ parameter in all versions up to, and including, 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-37409

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IdeaBox Creations PowerPack Lite for Beaver Builder powerpack-addon-for-beaver-builder.This issue affects PowerPack Lite for Beaver Builder: from n/a through = 1.3.0.4...

CVE-2024-37410

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in IdeaBox Creations PowerPack Lite for Beaver Builder powerpack-addon-for-beaver-builder.This issue affects PowerPack Lite for Beaver Builder: from n/a through = 1.3.0.3...

CVE-2024-12239

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-12239

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-12239

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-12239

CVE-2024-12239 (PowerPack Lite for Beaver Builder, WordPress) is a Reflected Cross-Site Scripting flaw in the navigate parameter, affecting all versions up to 1.3.0.5. It allows unauthenticated attackers to inject scripts that run when an admin user interacts with a crafted link. The Red Hat entr...

CVE-2024-12239 PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-12239 PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

PT-2024-17505 · WordPress · Powerpack Lite For Beaver Builder

Name of the Vulnerable Software and Affected Versions: PowerPack Lite for Beaver Builder plugin for WordPress versions up to, and including, 1.3.0.5 Description: The issue is a Reflected Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping. This allows...

WordPress plugin PowerPack Lite for Beaver Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...