30 matches found
CVE-2025-2804
Technical details about CVE-2025-2804 are not publicly provided in the connected documents. The initial description mentions Reflected XSS in tagDiv Composer for WordPress (accounts) but lacks specifics on affected versions, impact, or fixes; monitor for official advisories and patch information.
CVE-2024-35768 WordPress Page Builder: Live Composer plugin <= 2.1.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows DOM-Based XSS.This issue affects Page Builder: Live Composer: from n/a through = 2.1.11...
WordPress Page Builder: Live Composer Plugin <= 1.5.38 is vulnerable to Broken Access Control
Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.38 Fixed in 1.5.39 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32957 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 6edbbb14734c Credits savphill Requir...
Page Builder: Live Composer < 1.5.36 - Cross-Site Request Forgery
Description The Page Builder: Live Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.35. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform...
WordPress Visual Composer Website Builder Plugin <= 45.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Visual Composer Website Builder Type Plugin Vulnerable versions = 45.6.0 Fixed in 45.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6880 Patch priority Low CVSS severity Low 6.5 Developer Visual Composer PSID 2a3c93e3a183 Credits...
CVE-2023-52193 WordPress Page Builder: Live Composer Plugin <= 1.5.23 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.23...
CVE-2023-52206 WordPress Page Builder: Live Composer Plugin <= 1.5.25 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25...
The vulnerability of the tagDiv Composer Plugin, a plugin for WordPress content management systems, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the tagDiv Composer Plugin of the WordPress content management system exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
PT-2023-7564
Name of the Vulnerable Software and Affected Versions tagDiv Composer Plugin versions prior to 4.2 Description The issue exists due to the lack of proper validation and escaping of certain parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. This is...
WordPress Page Builder: Live Composer Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.22 Fixed in 1.5.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4669 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3a851e56815e Credits Istv...