PT-2026-41371

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse anothe...

EUVD-2026-11319

Emlog is an open source website building system. In 2.6.6 and earlier, the deleteasync action asynchronous delete lacks a call to LoginAuth::checkToken, enabling CSRF attacks...

WordPress Gutenify - Visual Site Builder Blocks & Site Templates plugin <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block vulnerability

WordPress Gutenify - Visual Site Builder Blocks & Site Templates plugin = 1.5.9 - Authenticated Contributor+ Stored Cross-Site Scripting via Count Up block vulnerability discovered by zer0gh0st in WordPress Plugin Gutenify versions = 1.5.9...

EUVD-2008-2746

Malware in sbrugna...

AI Website Builder Lovable Abused for Phishing and Malware Scams

Scammers have been spotted abusing AI site builder Lovable to mimic trusted brands, steal credentials, drain crypto wallets,…...

confluence-static-site-builder (>=1.0.0-m04 <=1.0.0-m08) potentially affected by unknown CVE via commnader (=0.0.1-security)

commnader NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on commnader and may be impacted: - confluence-static-site-builder =1.0.0-m04, =1.0.0-m08 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17424...

ProcessMaker 代码问题漏洞

ProcessMaker is a Php-written site builder for business process management BPM and workflow management from ProcessMaker Inc. in the United States. A security vulnerability exists in ProcessMaker versions prior to 3.5.4 that stems from improper handling of plugin uploads, which could lead to remo...

CVE-2024-54369

Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through = 1.0.2...

Exploit for CVE-2024-54369

Zita Site Builder Exploit Guide Overview Zita Site Buil...

CVE-2024-12449 Video Share VOD – Turnkey Video Site Builder Script <= 2.6.30 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisperplayerhtml' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-12449

CVE-2024-12449 affects the Video Share VOD – Turnkey Video Site Builder Script WordPress plugin. It is a Stored XSS in the videowhisper_player_html shortcode present in all versions up to 2.6.30 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation r...

CVE-2024-54369

Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through = 1.0.2...

CVE-2024-54369 WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability

Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2...

CVE-2024-54369

CVE-2024-54369 pertains to Zita Site Builder (WordPress) up to version 1.0.2, where Missing Authorization to Arbitrary Plugin Installation enables Accessing/Activating plugins without proper ACL checks. Connected Red Hat advisory and RH security notes describe the issue as a Missing Authorization...

CVE-2024-54369 WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability

Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through = 1.0.2...

WordPress plugin Zita Site Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-36255 · Unknown · Zita Site Builder

Name of the Vulnerable Software and Affected Versions: Zita Site Builder versions 1.0.2 and earlier Description: The issue is related to a missing authorization vulnerability in Zita Site Builder, which allows accessing functionality not properly constrained by Access Control Lists ACLs. This mea...

WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability

Arbitrary Plugin Installation and Activation vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Zita Site Builder versions = 1.0.2...

Number withdrawn

SourceCodester Employee Management System is a php-based website builder for employee performance management from SourceCodester, USA. The CVE number has been withdrawn...

EI Tube YouTube API 3 SQL Injection

==================================================================================================================================== | Title : EI Tube YouTube API V3 site builder Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...