Lucene search
K

30 matches found

CVE
CVE
added 2025/03/28 5:23 a.m.92 views

CVE-2025-2804

Technical details about CVE-2025-2804 are not publicly provided in the connected documents. The initial description mentions Reflected XSS in tagDiv Composer for WordPress (accounts) but lacks specifics on affected versions, impact, or fixes; monitor for official advisories and patch information.

6.1CVSS6.1AI score0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/21 12:27 p.m.16 views

CVE-2024-35768 WordPress Page Builder: Live Composer plugin <= 2.1.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows DOM-Based XSS.This issue affects Page Builder: Live Composer: from n/a through = 2.1.11...

5.9CVSS5.2AI score0.00318EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/23 12:0 a.m.12 views

WordPress Page Builder: Live Composer Plugin <= 1.5.38 is vulnerable to Broken Access Control

Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.38 Fixed in 1.5.39 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32957 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 6edbbb14734c Credits savphill Requir...

4.7CVSS6.9AI score0.00379EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

Page Builder: Live Composer < 1.5.36 - Cross-Site Request Forgery

Description The Page Builder: Live Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.35. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform...

5.4CVSS6.5AI score0.00197EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/03/01 12:0 a.m.16 views

WordPress Visual Composer Website Builder Plugin <= 45.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Visual Composer Website Builder Type Plugin Vulnerable versions = 45.6.0 Fixed in 45.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6880 Patch priority Low CVSS severity Low 6.5 Developer Visual Composer PSID 2a3c93e3a183 Credits...

6.4CVSS5.7AI score0.00416EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/02/01 9:49 a.m.21 views

CVE-2023-52193 WordPress Page Builder: Live Composer Plugin <= 1.5.23 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.23...

6.5CVSS6.6AI score0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/08 7:32 p.m.14 views

CVE-2023-52206 WordPress Page Builder: Live Composer Plugin <= 1.5.25 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25...

7.7CVSS7.5AI score0.00496EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/12/12 12:0 a.m.6 views

The vulnerability of the tagDiv Composer Plugin, a plugin for WordPress content management systems, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the tagDiv Composer Plugin of the WordPress content management system exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

6.4CVSS6.8AI score0.01582EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/11 12:0 a.m.6 views

PT-2023-7564

Name of the Vulnerable Software and Affected Versions tagDiv Composer Plugin versions prior to 4.2 Description The issue exists due to the lack of proper validation and escaping of certain parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. This is...

6.4CVSS6.3AI score0.01582EPSS
Exploits2References10
Patchstack
Patchstack
added 2023/01/24 12:0 a.m.19 views

WordPress Page Builder: Live Composer Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)

Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.22 Fixed in 1.5.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4669 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3a851e56815e Credits Istv...

5.4CVSS5.9AI score0.00393EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder