CVE-2026-1834 Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVE-2026-1834

CVE-2026-1834 affects the Ibtana – WordPress Website Builder plugin for WordPress. The issue is a Stored Cross-Site Scripting vulnerability via the plugin's 'ive' shortcode in all versions up to and including 1.2.5.7 , caused by insufficient input sanitization and output escaping on user-supplied...

PT-2026-21034

Name of the Vulnerable Software and Affected Versions staviravn AIO WP Builder versions through 2.0.2 Description An authorization issue exists in staviravn AIO WP Builder all-in-one-wp-builder, allowing exploitation of incorrectly configured access control security levels. Recommendations Update...

WordPress WC Builder plugin <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting via 'headingcolor' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin WC Builder versions = 1.2.0...

EUVD-2025-38079

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements.This issue affects TheGem Theme Elements for WPBakery: from n/a through = 5.10.5.1...

CVE-2024-9457

The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

WordPress WP Builder plugin <= 3.0.7 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin WP Builder versions = 3.0.7...

WordPress plugin Web and WooCommerce Addons for WPBakery Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

PT-2024-25573 · Avirtum · Avirtum Ipanorama 360 Wordpress Virtual Tour Builder

Name of the Vulnerable Software and Affected Versions: Avirtum iPanorama 360 WordPress Virtual Tour Builder versions 1.8.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder. Recommendations: For Avirtum...

CVE-2023-50893

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4...

WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.0.16 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin versions = 1.0.16. Solution Update the WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin to the latest available...

Elementor 跨站脚本漏洞

Elementor is a WordPress page builder from the Elementor team that offers a variety of design elements and supports custom templates and more. A cross-site scripting vulnerability exists in versions prior to Elementor 1.5.5.5, which stems from susceptibility to cross-site scripting XSS stored by...