56 matches found
WordPress BM Content Builder Plugin < 3.16.3.3 - Arbitrary File Deletion Vulnerability
Arbitrary File Deletion Vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin BM Content Builder versions 3.16.3.3...
CVE-2025-1777
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'uxcbpageoptionssave' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2025-1777
CVE-2025-1777 : BM Content Builder (WordPress) has a missing authorization check in ux_cb_page_options_save, allowing authenticated users with subscriber+ access to perform a stored cross-site scripting attack. Affected versions: ≤ 3.16.2.1. Impact per sources: unauthorized data modification and ...
CVE-2025-1777 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'uxcbpageoptionssave' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2025-1777 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'uxcbpageoptionssave' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and...
PT-2025-24013 · WordPress · Bm Content Builder
Name of the Vulnerable Software and Affected Versions: BM Content Builder plugin for WordPress versions up to, and including, 3.16.2.1 Description: The issue is related to a missing capability check on the ux cb page options save function, allowing authenticated attackers with subscriber-level...
WordPress plugin BM Content Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-1279 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uxcbtoolsimportitemajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it possible for authenticate...
CVE-2025-1279 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uxcbtoolsimportitemajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it possible for authenticate...
PT-2025-17893 · WordPress · Bm Content Builder
Name of the Vulnerable Software and Affected Versions: BM Content Builder plugin for WordPress versions up to, and including, 3.16.2.1 Description: The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing...
WordPress plugin BM Content Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress BM Content Builder plugin <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin BM Content Builder versions = 3.16.2.1...
WordPress Snax 4.9.x SQL Injection
Exploit Title : WordPress Snax Plugins 4.9.x SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 28/01/2019 Vendor Homepage : snax.bringthepixel.com Software Information Link : codecanyon.net/item/snax-viral-frontend-uploader/16540363 Software Version ...
Content Builder 0.7.5 postComment.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25914/info ContentBuilder CB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the...
Content-Builder (CMS) <= 0.7.2 - Multiple Include Vulnerabilities
No description provided by source. $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ ContentBuilder = 0.7.2 Remote File Include Vulnerability $$ script site: http://www.content-builder.net/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacpe...
Content-Builder (CMS) 0.7.5 - Multiple Include Vulnerabilities
No description provided by source. ----------------------------------------------------- Advisory id: FSA:012 Author: Federico Fazzi Date: 11/06/2006, 22:30 Sinthesis: Content-Builder CMS 0.7.5, Remote command execution Type: high Product: http://www.content-builder.de/ Patch: unavailable...
Content Builder 0.7.5 RFI Bug
Content Builder 0.7.5 RFI Bug Script Home Page : http://www.content-builder.de/ Source Forge Script Link : http://sourceforge.net/projects/content-builder/ Script Download URL : http://www.content-builder.de/modules/download/download.php?id=821 The Content Builder is a powerful German...
Content Builder 0.7.5 - 'postComment.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/25914/info ContentBuilder CB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks a...
cb075-rfi.txt
Content Builder 0.7.5 RFI Bug Script Home Page : http://www.content-builder.de/ Source Forge Script Link : http://sourceforge.net/projects/content-builder/ Script Download URL : http://www.content-builder.de/modules/download/download.php?id=821 The Content Builder is a powerful German...
Content Builder 0.7.5 - postComment.php Remote File Inclusion
Content Builder 0.7.5 - postComment.php Remote File Inclusion source: https://www.securityfocus.com/bid/25914/info ContentBuilder CB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to...