3 matches found
CVE-2025-1777
creationtimestamp| type| source ---|---|--- 2025-06-06 09:04:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqwi4tzrbu2m...
CVE-2025-1777 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'uxcbpageoptionssave' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2025-1777 BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'uxcbpageoptionssave' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and...