CVE-2025-3669

The CVE-2025-3669 entry concerns the WordPress plugin Supreme Addons for Beaver Builder. A Stored Cross-Site Scripting vulnerability exists in the auto_qrcodesabb shortcode due to insufficient input sanitization and output escaping on user-supplied attributes, affecting all versions up to 1.0.9. ...

PT-2025-29709 · WordPress · Avada (Fusion) Builder

Name of the Vulnerable Software and Affected Versions: Avada Fusion Builder plugin for WordPress versions up to and including 3.12.1 Description: The Avada Fusion Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting through the fusion map shortcode. Insufficient input...

CVE-2025-53336

CVE-2025-53336 is a stored XSS vulnerability affecting the WordPress plugin My Resume Builder . The issue arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected software versions are from unspecified earliest onward to version 1.0.3...

WordPress plugin My Resume Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Beaver Builder plugin code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Beaver Builder plugin that stems from a lack of file type validation, which can be exploited by an attacker to cause an...

CVE-2025-4102

The Beaver Builder Plugin Starter Version plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveenabledicons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level...

CVE-2025-4102

The Beaver Builder Plugin Starter Version plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveenabledicons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level...

CVE-2025-4102 Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload

The Beaver Builder Plugin Starter Version plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveenabledicons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level...

CVE-2025-4102

The Beaver Builder Plugin (Starter Version) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_enabled_icons function in all versions up to and including 2.9.1. An authenticated attacker with Administrator-level access can upload arbitrary files ...

CVE-2025-4102 Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload

The Beaver Builder Plugin Starter Version plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveenabledicons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level...

WordPress plugin App Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress App Builder plugin suffers from an improper access control vulnerability that stems from a lack of authorization, and no detailed vulnerability details are provide...

WordPress AIO WP Builder Plugin <= 2.0.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by theviper17 in WordPress Plugin AIO WP Builder versions = 2.0.2...

WordPress Profile Builder Plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Profile Builder Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

PT-2025-24013 · WordPress · Bm Content Builder

Name of the Vulnerable Software and Affected Versions: BM Content Builder plugin for WordPress versions up to, and including, 3.16.2.1 Description: The issue is related to a missing capability check on the ux cb page options save function, allowing authenticated attackers with subscriber-level...

WordPress plugin Profile Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Profile Builder Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

PT-2025-23603 · WordPress · Profile Builder

Name of the Vulnerable Software and Affected Versions: Profile Builder plugin for WordPress versions up to, and including, 3.13.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the user met...

CVE-2025-5286

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additionalsettings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-9457

The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

CVE-2024-5501

The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttononeid’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5192

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...