CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61 matches found

Patchstack•added 2026/05/26 5:34 p.m.•5 views

WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.4CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/04/02 10:53 a.m.•0 views

CVE-2026-34889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4...

6.5CVSS5.9AI score0.00013EPSS

Exploits0References1

Positive Technologies•added 2026/02/20 12:0 a.m.•3 views

PT-2026-21171

Name of the Vulnerable Software and Affected Versions themobon Business Template Blocks for WPBakery Visual Composer Page Builder versions through 1.3.2 Description A flaw exists in themebon Business Template Blocks for WPBakery Visual Composer Page Builder that allows for Reflected Cross-site...

5.4AI score0.00045EPSS

Exploits0References3

RedhatCVE•added 2026/01/24 3:17 p.m.•3 views

CVE-2026-24594

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through = 3.9.4...

5.9CVSS5.4AI score0.00017EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:29 a.m.•1 views

CVE-2023-50889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2...

6.5CVSS6.7AI score0.00155EPSS

Exploits0References1

RedhatCVE•added 2025/12/25 1:23 p.m.•1 views

CVE-2025-68574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through = 1.0.4.3...

5.9CVSS6.4AI score0.00027EPSS

Exploits0References1

Vulnrichment•added 2025/12/24 1:10 p.m.•3 views

CVE-2025-68598 WordPress Page Builder: Live Composer plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through = 2.0.5...

5.6AI score0.00029EPSS

Exploits0References1

Vulnrichment•added 2025/12/04 6:48 a.m.•2 views

CVE-2025-12782 Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable function. This makes it possible for authenticated attackers,...

4.3CVSS5.6AI score0.00036EPSS

Exploits0References2

RedhatCVE•added 2025/11/07 5:32 p.m.•1 views

CVE-2025-62044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements.This issue affects TheGem Theme Elements for WPBakery: from n/a through = 5.10.5.1...

6.5CVSS6.4AI score0.00031EPSS

Exploits0References1

CVE•added 2025/10/16 4:27 a.m.•6 views

CVE-2025-11814

The CVE-2025-11814 entry concerns the Ultimate Addons for WPBakery Page Builder (WordPress). It describes a Stored Cross-Site Scripting vulnerability in all versions up to 3.21.1 (exclusive) caused by insufficient input sanitization and output escaping. The issue could allow unauthenticated attac...

6.4CVSS4.9AI score0.00144EPSS

Exploits0References2

EUVD•added 2025/10/15 6:43 a.m.•2 views

EUVD-2025-34532

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

6.4CVSS4.7AI score0.00024EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-55622

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00155EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-28151

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00047EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-28531

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00047EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-28530

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00047EPSS

Exploits0References1

OSV•added 2025/08/28 3:15 a.m.•1 views

CVE-2025-8897

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘'flbuilder' parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS6AI score

Exploits0References2

NVD•added 2025/08/20 8:15 a.m.•2 views

CVE-2025-53559

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player - Addon for WPBakery Page Builder lbg-universal-video-player-addon-visual-composer allows Reflected XSS.This issue affects Universal Video Player - Addon for...

7.1CVSS0.00047EPSS

Exploits0References1

CVE•added 2025/08/20 8:3 a.m.•10 views

CVE-2025-48154

CVE-2025-48154 corresponds to a reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder , affecting versions

7.1CVSS5.9AI score0.00047EPSS

Exploits0References1

NVD•added 2025/08/14 11:15 a.m.•2 views

CVE-2025-30626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbgvpyoutubevimeoaddonvisualcomposer allows Reflected XSS.This issue affects Multimedia Playlist Slider Addon for WPBakery Pa...

7.1CVSS0.00051EPSS

Exploits0References1

CNNVD•added 2025/08/14 12:0 a.m.•0 views

WordPress plugin Multimedia Playlist Slider Addon for WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS5.8AI score0.00051EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by