90 matches found
WordPress plugin Beaver Builder – WordPress Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Beaver...
CVE-2024-54213
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zionbuilder ZionBuilder zionbuilder allows Stored XSS.This issue affects ZionBuilder: from n/a through = 3.6.16...
CVE-2024-54213 WordPress WordPress Page Builder – Zion Builder plugin <= 3.6.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zionbuilder ZionBuilder zionbuilder allows Stored XSS.This issue affects ZionBuilder: from n/a through = 3.6.16...
CVE-2024-54213
CVE-2024-54213 refers to a Stored XSS vulnerability in the WordPress Page Builder plugin Zion Builder ( Zion Builder ) for WordPress. The issue arises from improper input neutralization during web page generation, enabling stored cross-site scripting. Affected versions are Zion Builder from n/a u...
WordPress Page Parts Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)
Software Page Parts Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11360 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6c5273fd367a Credits vgo0 Required privileg...
CVE-2024-9505
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress plugin Beaver Builder – WordPress Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Beaver...
WordPress Page Builder: Live Composer Plugin <= 1.5.50 is vulnerable to Cross Site Scripting (XSS)
Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.50 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35768 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b331f6102ccd Credits savphill Required privilege...
WordPress Page Builder by SiteOrigin Plugin <= 2.29.15 is vulnerable to Cross Site Scripting (XSS)
Software Page Builder by SiteOrigin Type Plugin Vulnerable versions = 2.29.15 Fixed in 2.29.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4361 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f447bc1bf9e Credits...
CVE-2024-4430 Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-3923 Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linktarget parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress Page Builder: Live Composer Plugin <= 1.5.38 is vulnerable to Broken Access Control
Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.38 Fixed in 1.5.39 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32957 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 6edbbb14734c Credits savphill Requir...
WordPress Page Builder: Live Composer Plugin <= 1.5.35 is vulnerable to Cross Site Request Forgery (CSRF)
Software Page Builder: Live Composer Type Plugin Vulnerable versions = 1.5.35 Fixed in 1.5.36 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31933 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c287b96c4dbe Credits Brand...
CVE-2024-30444
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zionbuilder.Io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.9...
CVE-2024-30444
CVE-2024-30444 describes a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Zion Builder (zionbuilder.io). According to the Red Hat entry, the issue is caused by improper neutralization of input during web page generation, enabling stored XSS. The vulnerability affects Zion...
WordPress Plugin WordPress Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WordPress Page...
WordPress WordPress Page Builder – Zion Builder Plugin <= 3.6.9 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Page Builder – Zion Builder Type Plugin Vulnerable versions = 3.6.9 Fixed in 3.6.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30444 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b53fed734ad9 Credits savphill Requir...
WordPress Page Builder by SiteOrigin Plugin <= 2.29.6 is vulnerable to Cross Site Scripting (XSS)
Software Page Builder by SiteOrigin Type Plugin Vulnerable versions = 2.29.6 Fixed in 2.29.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2202 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92274a8f9656 Credits Webbernaut...
CVE-2024-1080
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2024-0897
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...