WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget vulnerability

WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Icons Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...

WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Addons for Beaver Builder – Lite Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.5.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43151 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a2ad79bb3d87 Credits Khalid Yusu...

WordPress Ultimate Addons for Elementor Plugin <= 1.36.31 is vulnerable to Privilege Escalation

Software Ultimate Addons for Elementor Type Plugin Vulnerable versions = 1.36.31 Fixed in 1.36.32 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-37455 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID accfb8b8dfc3 Credits Ngô...

CVE-2023-46205 WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.14...

WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Addons for Beaver Builder – Lite Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2141 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e2332e71a3c3 Credit...

WordPress Ultimate Addons for Elementor Plugin <= 1.36.20 is vulnerable to Privilege Escalation

Software Ultimate Addons for Elementor Type Plugin Vulnerable versions = 1.36.20 Fixed in 1.36.21 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-50890 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID...

WordPress Ultimate Addons for Beaver Builder Plugin <= 1.35.14 is vulnerable to Privilege Escalation

Software Ultimate Addons for Beaver Builder Type Plugin Vulnerable versions = 1.35.14 Fixed in 1.35.15 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-51398 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID...

WordPress Ultimate Addons for Beaver Builder Plugin <= 1.35.13 is vulnerable to Arbitrary File Download

Software Ultimate Addons for Beaver Builder Type Plugin Vulnerable versions = 1.35.13 Fixed in 1.35.14 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2023-51401 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 8fb95010e714 Credits Rafi...

WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.14 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 3.19.14 Fixed in 3.19.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46211 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID e15e4a96621e...

WordPress Ultimate Addons for Elementor premium plugin <= 1.29.2 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by WordFence in WordPress Ultimate Addons for Elementor premium plugin versions = 1.29.2. Solution Update the WordPress Ultimate Addons for Elementor premium plugin to the latest available version at least 1.30.0...

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Exploit Authors: Raphael Karger & Nathan Hrncirik Vendor Homepage: https://www.ultimatebeaver.com/ Version: Ultimate Addons for Beaver Builder | || |...

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Exploit Title: Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Date: 2019-12-21 Exploit Authors: Raphael Karger & Nathan Hrncirik Vendor Homepage: https://www.ultimatebeaver.com/ Version:...