698 matches found
CVE-2025-69390 WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Business Template Blocks for WPBakery Visual Composer Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for...
CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...
CVE-2025-68531
CVE-2025-68531 applies to ModelTheme Addons for WPBakery and Elementor (modeltheme-addons-for-wpbakery). Deserialization of untrusted data allows PHP object injection in versions before 1.5.6; authenticated (Contributor+) exploit shown in PT-2026 advisories. Patch: upgrade to v1.5.6 or later. Imp...
CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...
CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2025-60087
The CVE-2025-60087 entry describes a Local File Inclusion in the WordPress plugin Extensive VC Addons for WPBakery page builder (versions up to and including 1.9.1). The root cause is improper control of filename for include/require statements in PHP, enabling LFI via PHP Include/Require operatio...
CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2026-2384 Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's vcquizmaker shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-2384
The CVE-2026-2384 entry documents a Stored Cross-Site Scripting (SXS) vulnerability in the WordPress Quiz Maker plugin (versions up to and including 6.7.1.7) exploited via the vc_quizmaker shortcode. Impact requires authenticated access (Contributor+); the flaw stems from insufficient input sanit...
CVE-2026-2384
The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's vcquizmaker shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2026-21090
Name of the Vulnerable Software and Affected Versions ModelTheme Addons for WPBakery and Elementor versions prior to 1.5.6 Description A flaw exists in ModelTheme Addons for WPBakery and Elementor that allows for Object Injection due to deserialization of untrusted data. This issue impacts the...
WordPress plugin Business Template Blocks for WPBakery (Visual Composer) Page Builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
PT-2026-21039
Name of the Vulnerable Software and Affected Versions Extensive VC Addons for WPBakery page builder versions through 1.9.1 Description A flaw exists in Extensive VC Addons for WPBakery page builder that allows for PHP Local File Inclusion due to improper control of filename for include/require...
WordPress plugin Extensive VC Addons for WPBakery page builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
WordPress Classic Addons - WPBakery Page Builder plugin <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion vulnerability
WordPress Classic Addons - WPBakery Page Builder plugin = 3.0 - Authenticated Contributor+ Limited Local PHP File Inclusion vulnerability discovered by Nishiv - Developer in WordPress Plugin Classic Addons – WPBakery Page Builder versions = 3.0...
WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Post Title tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions = 7.5...
WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Custom Heading tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions = 7.5...
WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...
WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...
WordPress WPBakery Page Builder plugin <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via VC Single Image link attribute vulnerability discovered by wesley wcraft in WordPress Plugin WPBakery Page Builder versions = 7.6...