61 matches found
WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...
CVE-2026-34889
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4...
PT-2026-21171
Name of the Vulnerable Software and Affected Versions themobon Business Template Blocks for WPBakery Visual Composer Page Builder versions through 1.3.2 Description A flaw exists in themebon Business Template Blocks for WPBakery Visual Composer Page Builder that allows for Reflected Cross-site...
CVE-2026-24594
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through = 3.9.4...
CVE-2023-50889
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2...
CVE-2025-68574
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...
CVE-2025-68598 WordPress Page Builder: Live Composer plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through = 2.0.5...
CVE-2025-12782 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable function. This makes it possible for authenticated attackers,...
CVE-2025-62044
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements.This issue affects TheGem Theme Elements for WPBakery: from n/a through = 5.10.5.1...
CVE-2025-11814
The CVE-2025-11814 entry concerns the Ultimate Addons for WPBakery Page Builder (WordPress). It describes a Stored Cross-Site Scripting vulnerability in all versions up to 3.21.1 (exclusive) caused by insufficient input sanitization and output escaping. The issue could allow unauthenticated attac...
EUVD-2025-34532
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...
EUVD-2023-55622
Malicious code in bioql PyPI...
EUVD-2025-28531
Malicious code in bioql PyPI...
EUVD-2025-28530
Malicious code in bioql PyPI...
EUVD-2025-28151
Malicious code in bioql PyPI...
CVE-2025-8897
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘'flbuilder' parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2025-53559
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected XSS.This issue affects Universal Video Player - Addon for...
CVE-2025-48154
CVE-2025-48154 corresponds to a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder , affecting versions
CVE-2025-30626
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbgvpyoutubevimeoaddonvisualcomposer allows Reflected XSS.This issue affects Multimedia Playlist Slider Addon for WPBakery Pa...
PT-2025-33159 · WordPress · Multimedia Playlist Slider Addon For Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: Multimedia Playlist Slider Addon for WPBakery Page Builder versions through 2.1 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, specifically a Reflected Cross-site Scripting XSS flaw...