258 matches found
WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...
CVE-2023-50890
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20...
WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.34 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Ultimate Addons for Contact Form 7 versions = 3.5.34...
CVE-2025-48088
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.21.1...
EUVD-2025-36063
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.1...
CVE-2025-48088
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.21.1...
CVE-2025-48088 WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.1...
CVE-2025-48088
CVE-2025-48088 is a stored XSS in the Brainstorm Force/Ultimate Addons for WPBakery Page Builder plugin before version 3.21.1. The root cause is improper neutralization of input during web page generation, enabling stored payloads. Affected: Ultimate Addons for WPBakery Page Builder prior to 3.21...
CVE-2025-48088 WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.21.1...
PT-2025-43863
Name of the Vulnerable Software and Affected Versions Brainstorm Force Ultimate Addons for WPBakery Page Builder versions prior to 3.21.1 Description The software contains a flaw related to improper input handling during web page generation, leading to a Stored Cross-site Scripting XSS condition...
WordPress plugin Ultimate Addons for WPBakery Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-11814
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2025-11814
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2025-11814 Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2025-11814 Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2025-11814
The CVE-2025-11814 entry concerns the Ultimate Addons for WPBakery Page Builder (WordPress). It describes a Stored Cross-Site Scripting vulnerability in all versions up to 3.21.1 (exclusive) caused by insufficient input sanitization and output escaping. The issue could allow unauthenticated attac...
WordPress plugin Ultimate Addons for WPBakery 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...
WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions 3.21.1...
CVE-2025-9703
The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability...
EUVD-2020-5401
Malware in sbrugna...