22 matches found
EUVD-2021-11122
Malware in sbrugna...
EUVD-2021-11121
Malware in sbrugna...
EUVD-2022-44209
Malicious code in bioql PyPI...
CVE-2022-3830
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2021-24208
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets though the custom HTML widget requires sending a crafted request - it appears that this...
Cross site scripting
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-3830
The CVE-2022-3830 issue affects WP Page Builder
WordPress plugin WP Page Builder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin WP Page Builder version 1.2.6 and prior versions are vulnerable. An attacker could use this...
CVE-2022-40963
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress...
Cross site scripting
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress...
CVE-2022-40963
CVE-2022-40963 concerns the WordPress plugin WP Page Builder (versions ≤ 1.2.6). The vulnerability is a Stored XSS in which parameters are not properly sanitized/escaped, enabling authenticated users with Author+ privileges to inject scripts. Impact is cross-site scripting within WordPress pages ...
WP Page Builder <= 1.2.8 - Admin+ Stored Cross-Site
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Navigate to Setting » add the payload: ", int...
WP Page Builder <= 1.2.8 - Admin+ Stored Cross-Site
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Navigate to Setting » add the payload: ", into...
WordPress WP Page Builder plugin <= 1.2.6 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress WP Page Builder plugin (versions <= 1.2.6). Solution: Update the WordPress WP Page Builder plugin to the latest available version (at least 1.2.7)...
CVE-2021-24207
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages...
CVE-2021-24208
Summary: CVE-2021-24208 affects WP Page Builder WordPress plugin (versions before 1.2.4). The issue is stored cross-site scripting (XSS) via the editor widgets in the page builder. Lower-privileged users can insert unfiltered HTML, including JavaScript, into pages through the Raw HTML and Custom ...
CVE-2021-24207
CVE-2021-24207 affects the WordPress WP Page Builder plugin (versions
WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)
The editor of the plugin allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side...