CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

689 matches found

Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE

The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains. id: CVE-2023-0159 info:...

7.5CVSS7.2AI score0.92658EPSS

Exploits3References5

Patchstack•added 2026/05/27 9:13 a.m.•4 views

WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.4CVSS5.8AI score0.0003EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/27 6:46 a.m.•22 views

CVE-2026-3895 WPBakery Page Builder Addons by Livemesh <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS0.0003EPSS

Exploits0References4

ATTACKERKB•added 2026/05/27 6:46 a.m.•2 views

CVE-2026-3895

6.4CVSS5.8AI score0.0003EPSS

Exploits0References5

EUVD•added 2026/05/27 6:46 a.m.•4 views

EUVD-2026-32104

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcacarousel and lvcapostscarousel shortcode attributes in all versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. Specifically,...

6.4CVSS6AI score0.00032EPSS

Exploits0References3

Cvelist•added 2026/05/27 6:46 a.m.•23 views

CVE-2026-2030 WPBakery Page Builder Addons by Livemesh <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00032EPSS

Exploits0References3

CNNVD•added 2026/05/27 12:0 a.m.•7 views

WordPress plugin WPBakery Page Builder Addons by Livemesh 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application add-on. The WordPre...

6.4CVSS5.7AI score0.00032EPSS

Exploits0References3

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43547

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvca admin ajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce...

6.4CVSS5.8AI score0.0003EPSS

Exploits0References5

CNNVD•added 2026/05/27 12:0 a.m.•5 views

WordPress plugin WPBakery Page Builder Addons by Livemesh 安全漏洞

6.4CVSS5.8AI score0.0003EPSS

Exploits0References4

Patchstack•added 2026/05/13 1:3 p.m.•3 views

WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ethan Consulting in WordPress Plugin WPBakery Page Builder versions = 8.7.2...

5.8AI score

Exploits0Affected Software1

NVD•added 2026/04/01 9:16 a.m.•0 views

CVE-2026-34889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4...

6.5CVSS0.00013EPSS

Exploits0References1

Vulnrichment•added 2026/04/01 8:51 a.m.•1 views

CVE-2026-34889 WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.4 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.9AI score0.00013EPSS

Exploits0References1

ATTACKERKB•added 2026/04/01 8:51 a.m.•2 views

CVE-2026-34889

6.5CVSS5.9AI score0.00013EPSS

Exploits0References2

Patchstack•added 2026/04/01 8:50 a.m.•2 views

WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions 3.21.4...

6.5CVSS5.9AI score0.00013EPSS

Exploits0Affected Software1

Positive Technologies•added 2026/04/01 12:0 a.m.•1 views

PT-2026-29500

6.5CVSS5.9AI score0.00013EPSS

Exploits0References2

CNNVD•added 2026/04/01 12:0 a.m.•1 views

WordPress Plugin Ultimate Addons for WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS5.6AI score0.00013EPSS

Exploits0References1

RedhatCVE•added 2026/03/06 7:54 a.m.•1 views

CVE-2026-28038

Missing Authorization vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through = 3.21.1...

6.5CVSS5.8AI score0.00039EPSS

Exploits0References1

EUVD•added 2026/03/05 6:30 a.m.•2 views

EUVD-2026-9700

6.5CVSS5.9AI score0.00039EPSS

Exploits0References2

NVD•added 2026/03/05 6:16 a.m.•1 views

CVE-2026-28038

6.5CVSS0.00039EPSS

Exploits0References1

Cvelist•added 2026/03/05 5:54 a.m.•27 views

CVE-2026-28038 WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability