PT-2025-5431 · Bplugins · Bplugins All Embed – Elementor Addons

Name of the Vulnerable Software and Affected Versions: bPlugins All Embed – Elementor Addons versions 1.1.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means an attacker can...

CVE-2025-22787

Missing Authorization vulnerability in bPlugins Button Block button-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through = 1.1.5...

CVE-2025-22787

CVE-2025-22787 is a Missing Authorization vulnerability in the WordPress plugin Button Block by bPlugins LLC , affecting versions up to 1.1.5. Per the provided documents, the CVE is associated with access to functions not properly constrained by ACLs, with a CVSS v3.1 base score of 8.8 (High) , a...

CVE-2025-22787 WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Button Block button-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through = 1.1.5...

CVE-2025-22815

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Button Block button-block allows Stored XSS.This issue affects Button Block: from n/a through = 1.1.9...

CVE-2025-22815

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins LLC Button Block allows Stored XSS.This issue affects Button Block: from n/a through 1.1.6...

CVE-2025-22815

CVE-2025-22815 describes a Stored XSS in Button Block plugin for WordPress (Button Block: from n/a through 1.1.6). The issue arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected software: Button Block (WordPress plugin). Root caus...

CVE-2024-43296

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30...

CVE-2024-43296 WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30...

CVE-2024-47631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Logo Carousel – Clients logo carousel for WP responsive-client-logo-carousel-slider allows Stored XSS.This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through = 1....

CVE-2024-47631

CVE-2024-47631: Stored XSS in Logo Carousel – Clients logo carousel for WP (bPlugins LLC) affecting WP plugin versions up to 1.2. Root cause is improper neutralization of input during web page generation. The issue is categorized as a stored XSS with low to moderate impact per CVSS (6.5, CVSS v3....

CVE-2024-47631 WordPress Logo Carousel – Clients logo carousel for WP plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Logo Carousel – Clients logo carousel for WP responsive-client-logo-carousel-slider allows Stored XSS.This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through = 1....

CVE-2024-47631 WordPress Logo Carousel – Clients logo carousel for WP plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Logo Carousel – Clients logo carousel for WP responsive-client-logo-carousel-slider allows Stored XSS.This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through = 1....

CVE-2024-43319

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31...

CVE-2024-43319 WordPress HTML5 Video Player plugin <= 2.5.31 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31...

CVE-2024-43148

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins StreamCast allows Stored XSS.This issue affects StreamCast: from n/a through 2.2.3...

CVE-2024-43148

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins StreamCast allows Stored XSS.This issue affects StreamCast: from n/a through 2.2.3...

CVE-2024-43148

CVE-2024-43148 is a Stored XSS in the WordPress plugin StreamCast (bPlugins StreamCast) due to improper input neutralization during web page generation. Affected: StreamCast versions up to 2.2.3 ( StreamCast

CVE-2024-37445

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23...

CVE-2024-37445

CVE-2024-37445 is a stored XSS vulnerability in the WordPress plugin WordPress HTML5 Audio Player (bPlugins Html5 Audio Player), affected up to version 2.2.23. The issue arises from improper neutralization during web page generation, enabling stored cross-site scripting. The Wordfence/WordPress v...