Lucene search
K

698 matches found

Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.5 views

CVE-2025-69390 WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Business Template Blocks for WPBakery Visual Composer Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for...

7.1CVSS5.3AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.3 views

CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...

5.3AI score0.00344EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.14 views

CVE-2025-68531

CVE-2025-68531 applies to ModelTheme Addons for WPBakery and Elementor (modeltheme-addons-for-wpbakery). Deserialization of untrusted data allows PHP object injection in versions before 1.5.6; authenticated (Contributor+) exploit shown in PT-2026 advisories. Patch: upgrade to v1.5.6 or later. Imp...

8.8CVSS5.5AI score0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.22 views

CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...

8.8CVSS0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.26 views

CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...

8.1CVSS0.00578EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.24 views

CVE-2025-60087

The CVE-2025-60087 entry describes a Local File Inclusion in the WordPress plugin Extensive VC Addons for WPBakery page builder (versions up to and including 1.9.1). The root cause is improper control of filename for include/require statements in PHP, enabling LFI via PHP Include/Require operatio...

8.1CVSS5.5AI score0.00578EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.3 views

CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...

8.1CVSS5.5AI score0.00578EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 2:23 a.m.6 views

CVE-2026-2384 Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's vcquizmaker shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References3
CVE
CVE
added 2026/02/20 2:23 a.m.20 views

CVE-2026-2384

The CVE-2026-2384 entry documents a Stored Cross-Site Scripting (SXS) vulnerability in the WordPress Quiz Maker plugin (versions up to and including 6.7.1.7) exploited via the vc_quizmaker shortcode. Impact requires authenticated access (Contributor+); the flaw stems from insufficient input sanit...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/20 2:23 a.m.6 views

CVE-2026-2384

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's vcquizmaker shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.6 views

PT-2026-21090

Name of the Vulnerable Software and Affected Versions ModelTheme Addons for WPBakery and Elementor versions prior to 1.5.6 Description A flaw exists in ModelTheme Addons for WPBakery and Elementor that allows for Object Injection due to deserialization of untrusted data. This issue impacts the...

5.5AI score0.00344EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin Business Template Blocks for WPBakery (Visual Composer) Page Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

7.1CVSS5.6AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21039

Name of the Vulnerable Software and Affected Versions Extensive VC Addons for WPBakery page builder versions through 1.9.1 Description A flaw exists in Extensive VC Addons for WPBakery page builder that allows for PHP Local File Inclusion due to improper control of filename for include/require...

5.4AI score0.00578EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin Extensive VC Addons for WPBakery page builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

8.1CVSS5.8AI score0.00578EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/03 6:48 a.m.7 views

WordPress Classic Addons - WPBakery Page Builder plugin <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion vulnerability

WordPress Classic Addons - WPBakery Page Builder plugin = 3.0 - Authenticated Contributor+ Limited Local PHP File Inclusion vulnerability discovered by Nishiv - Developer in WordPress Plugin Classic Addons – WPBakery Page Builder versions = 3.0...

7.5CVSS5.4AI score0.00873EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:7 p.m.9 views

WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Title tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions = 7.5...

6.4CVSS5.2AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:6 p.m.7 views

WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions = 7.5...

6.4CVSS5.2AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:30 a.m.5 views

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...

6.4CVSS5.3AI score0.00297EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:28 a.m.8 views

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...

6.4CVSS5.3AI score0.00297EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:26 a.m.9 views

WordPress WPBakery Page Builder plugin <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via VC Single Image link attribute vulnerability discovered by wesley wcraft in WordPress Plugin WPBakery Page Builder versions = 7.6...

6.4CVSS5.3AI score0.00305EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder