
21 matches found

Patchstack
added 2026/02/02 8:33 a.m. | 3 views

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions <= 3.19.20...

CVSS 6.4 | AI score 5.3 | EPSS 0.0028
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/08/02 9:23 a.m. | 9 views

CVE-2025-8488 Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savehfecompatibilityoptioncallback function in all versions up to, and including, 2.4.6. This makes it...

CVSS 4.3 | EPSS 0.00218
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 9:4 p.m. | 7 views

CVE-2021-24271

The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method...

CVSS 5.4 | AI score 5.7 | EPSS 0.0059
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 12:36 a.m. | 6 views

CVE-2024-37455

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31...

CVSS 8.8 | AI score 7 | EPSS 0.00483
Exploits: 0 | References: 1

OSV
added 2024/07/17 7:15 a.m. | 3 views

CVE-2024-5252

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 | AI score 6 | EPSS 0.0028
Exploits: 0 | References: 2

CVE
added 2024/07/17 6:45 a.m. | 48 views

CVE-2024-5254

CVE-2024-5254 concerns the Ultimate Addons for WPBakery Page Builder plugin for WordPress. The vulnerability is Stored Cross-Site Scripting via the ultimate_info_banner shortcode in all versions up to and including 3.19.20, caused by insufficient input sanitization and output escaping on user-sup...

CVSS 6.4 | AI score 5.5 | EPSS 0.0028
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2024/05/17 9:15 a.m. | 7 views

CVE-2023-51398

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14...

CVSS 8.8 | AI score 8.8 | EPSS 0.00547
Exploits: 0 | References: 1

NVD
added 2024/05/17 9:15 a.m. | 12 views

CVE-2023-50890

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20...

CVSS 8.8 | AI score 8.8 | EPSS 0.00547
Exploits: 0 | References: 1

Cvelist
added 2024/05/17 8:40 a.m. | 12 views

CVE-2023-51398 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.14 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14...

CVSS 8.8 | AI score 8.8 | EPSS 0.00547
Exploits: 0 | References: 1

Cvelist
added 2024/03/30 6:44 a.m. | 21 views

CVE-2024-2140 Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 6.4 | AI score 5.8 | EPSS 0.00343
Exploits: 0 | References: 2

CVE
added 2024/03/30 6:44 a.m. | 56 views

CVE-2024-2143

CVE-2024-2143 affects the Ultimate Addons for Beaver Builder – Lite WordPress plugin. It enables Stored XSS via the Heading widget in all versions up to 1.5.7 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, all...

CVSS 6.4 | AI score 7.6 | EPSS 0.00343
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/03/30 6:44 a.m. | 58 views

CVE-2024-2144

CVE-2024-2144 affects the Ultimate Addons for Beaver Builder – Lite plugin for WordPress. The issue is a Stored Cross-Site Scripting vulnerability in the Image Separator widget, exploitable by authenticated users with contributor-level access or higher, allowing injection of scripts that execute ...

CVSS 6.4 | AI score 7.6 | EPSS 0.00433
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2024/03/30 12:0 a.m. | 2 views

WordPress Plugin Ultimate Addons for Beaver Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.4 | AI score 7.7 | EPSS 0.00343
Exploits: 0 | References: 3

NVD
added 2024/01/17 5:15 p.m. | 10 views

CVE-2023-23882

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5...

CVSS 4.3 | AI score 4.7 | EPSS 0.00321
Exploits: 0 | References: 1

CVE
added 2024/01/17 4:44 p.m. | 37 views

CVE-2023-23882

The CVE-2023-23882 entry refers to a Missing Authorization (Broken Access Control) vulnerability in WordPress Ultimate Addons for Beaver Builder – Lite. According to Patchstack (and other connected entries), affected versions are Ultimate Addons for Beaver Builder – Lite 1.5.5 (i.e., 1.5.6 or ne...

CVSS 4.3 | AI score 4.9 | EPSS 0.00321
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2023/12/09 12:0 a.m. | 20 views

Ultimate Addons for Contact Form 7 < 3.2.1 - Reflected Cross-Site Scripting

Description: The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

CVSS 7.1 | AI score 6.3 | EPSS 0.00403
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/06/07 1:51 a.m. | 12 views

CVE-2020-36702

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the...

CVSS 5.5 | AI score 6.5 | EPSS 0.0042
Exploits: 1 | References: 2

CVE
added 2021/05/05 6:28 p.m. | 88 views

CVE-2021-24271

CVE-2021-24271 affects the WordPress plugin Ultimate Addons for Elementor (before 1.30.0). The vulnerability is a stored XSS in several widgets, exploitable by lower-privileged users (e.g., contributors) via a similar method. Connected sources confirm the affected version and context; the advisor...

CVSS 5.4 | AI score 5.2 | EPSS 0.0059
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2020/05/17 1:15 a.m. | 1 views

CVE-2020-13125

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...

CVSS 6.5 | AI score 6.9 | EPSS 0.02307
Exploits: 0 | References: 2

CVE
added 2020/05/17 12:39 a.m. | 155 views

CVE-2020-13125

The CVE-2020-13125 entry concerns the Ultimate Addons for Elementor WordPress plugin (

CVSS 7.2 | AI score 7.7 | EPSS 0.02307
Exploits: 0 | References: 2 | Affected Software: 1