Lucene search
K

171 matches found

Patchstack
Patchstack
added 2026/02/02 8:6 p.m.7 views

WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions = 7.5...

6.4CVSS5.2AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:38 p.m.7 views

WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Heading Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

6.4CVSS8.3AI score0.00343EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 4:10 a.m.6 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Modern Heading Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.8 views

CVE-2024-2143

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00343EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress WC Builder plugin <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting via 'headingcolor' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin WC Builder versions = 1.2.0...

4.4CVSS5.9AI score0.00199EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/22 2:35 a.m.5 views

CVE-2025-14054

The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headingcolor' parameter and multiple other styling parameters of the wpbforwpbakeryproductadditionalinformation shortcode in all versions up to, and including, 1.2.0 d...

4.4CVSS5AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/21 3:31 a.m.4 views

EUVD-2025-204650

The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headingcolor' parameter and multiple other styling parameters of the wpbforwpbakeryproductadditionalinformation shortcode in all versions up to, and including, 1.2.0 d...

4.4CVSS4.6AI score0.00199EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/21 2:20 a.m.3 views

CVE-2025-14054 WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute

The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headingcolor' parameter and multiple other styling parameters of the wpbforwpbakeryproductadditionalinformation shortcode in all versions up to, and including, 1.2.0 d...

4.4CVSS4.6AI score0.00199EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/21 2:20 a.m.16 views

CVE-2025-14054 WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute

The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headingcolor' parameter and multiple other styling parameters of the wpbforwpbakeryproductadditionalinformation shortcode in all versions up to, and including, 1.2.0 d...

4.4CVSS0.00199EPSS
Exploits0References4
CVE
CVE
added 2025/12/21 2:20 a.m.13 views

CVE-2025-14054

CVE-2025-14054 concerns WC Builder – WooCommerce Page Builder for WPBakery (WordPress). The vulnerability is a Stored Cross-Site Scripting in the wpbforwpbakery_product_additional_information shortcode, triggered by the heading_color parameter (and other styling params). Affected products/version...

4.4CVSS4.7AI score0.00199EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/15 6:43 a.m.2 views

CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...

6.4CVSS4.6AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2025/10/15 6:43 a.m.15 views

CVE-2025-11161

CVE-2025-11161 affects the WPBakery Page Builder plugin for WordPress (versions up to 8.6.1). The vulnerability is a Stored Cross-Site Scripting (XSS) in the vc_custom_heading shortcode due to insufficient restriction of allowed HTML tags and improper sanitization of font_container attributes. Th...

6.4CVSS4.6AI score0.00194EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/15 6:43 a.m.10 views

CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...

6.4CVSS0.00194EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/15 6:43 a.m.8 views

EUVD-2025-34533

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...

6.4CVSS4.5AI score0.00194EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/10/15 12:22 a.m.6 views

WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode vulnerability

Stored Cross-Site Scripting via vccustomheading Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPBakery Page Builder versions = 8.6.1...

6.4CVSS5.6AI score0.00194EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-47872

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00894EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-27639

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00216EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.16 views

CVE-2025-9123

The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/11 7:25 a.m.4 views

CVE-2025-9123 CBX Map for Google Map & OpenStreetMap <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00216EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.7 views

PT-2025-37141

The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup heading and location address parameters in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00216EPSS
Exploits0References3
Rows per page
Query Builder