CVE-2025-69055 WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content Builder: from n/a through 3.16.3.3...

CVE-2025-69055

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder allows Path Traversal.This issue affects BM Content Builder: from n/a before 3.16.3.3...

CVE-2025-69055 WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content Builder: from n/a through 3.16.3.3...

WordPress plugin BM Content Builder has a path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Bonds in WordPress Plugin BM Content Builder versions 3.16.3.3...

WordPress BM Content Builder plugin <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting via uxcbpageoptionssave vulnerability discovered by István Márton - Wordfence in WordPress Plugin BM Content Builder versions = 3.16.2.1...

EUVD-2025-17053

Malicious code in bioql PyPI...

EUVD-2025-12384

Malicious code in bioql PyPI...

CVE-2025-59002 WordPress BM Content Builder Plugin < 3.16.3.3 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder allows Path Traversal. This issue affects BM Content Builder: from n/a through n/a...

WordPress plugin BM Content Builder 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path travers...

PT-2025-39534

Name of the Vulnerable Software and Affected Versions SeaTheme BM Content Builder affected versions not specified Description A Path Traversal issue exists in SeaTheme BM Content Builder. The vulnerability is due to improper limitation of a pathname to a restricted directory. This allows attacker...

CVE-2025-1777

The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'uxcbpageoptionssave' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-1777 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save

The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'uxcbpageoptionssave' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-1777

CVE-2025-1777 : BM Content Builder (WordPress) has a missing authorization check in ux_cb_page_options_save, allowing authenticated users with subscriber+ access to perform a stored cross-site scripting attack. Affected versions: ≤ 3.16.2.1. Impact per sources: unauthorized data modification and ...

CVE-2025-1777 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save

The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'uxcbpageoptionssave' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and...

PT-2025-24013 · WordPress · Bm Content Builder

Name of the Vulnerable Software and Affected Versions: BM Content Builder plugin for WordPress versions up to, and including, 3.16.2.1 Description: The issue is related to a missing capability check on the ux cb page options save function, allowing authenticated attackers with subscriber-level...

CVE-2025-1279 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uxcbtoolsimportitemajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it possible for authenticate...

CVE-2025-1279 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uxcbtoolsimportitemajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it possible for authenticate...

PT-2025-17893 · WordPress · Bm Content Builder

Name of the Vulnerable Software and Affected Versions: BM Content Builder plugin for WordPress versions up to, and including, 3.16.2.1 Description: The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing...

WordPress plugin BM Content Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...