Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization

Description The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...

4.3CVSS4.4AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.13 views

PeproDev CF7 Database <= 1.8.0 - Cross-Site Request Forgery

Description The PeproDev CF7 Database plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unkno...

4.3CVSS4.4AI score0.002EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

Popup Anything < 2.8.1 - Missing Authorization

Description The Popup Anything – Popup for opt-ins and Lead Generation Conversions plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the popupaocrenderpopuppreview function in all versions up to, and including, 2.8.0. This makes it possible for...

5.3CVSS5.1AI score0.0042EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.12 views

Schema & Structured Data for WP & AMP < 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks

Description The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.12 views

Collapse-O-Matic < 1.8.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.17 views

WP Datepicker < 2.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

Description The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdpaddnewdatepickerajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS6.9AI score0.00911EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

Attesa Extra < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Attesa Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.17 views

BMI Adult & Kid Calculator < 1.2.2 - Cross-Site Request Forgery to Cross-Site Scripting

Description The BMI Adult & Kid Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on several AJAX functions. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.6AI score0.00184EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.12 views

Mega Addons For Elementor < 1.9 - Missing Authorization

Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...

5.4CVSS5.4AI score0.00387EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.16 views

PeproDev Ultimate Invoice < 2.0.2 - Missing Authorisation

Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function, allowing unauthenticated attacker to perform an unauthorized action...

5.3CVSS6.2AI score0.00381EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.13 views

App Builder < 3.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping on user supplied...

6.5CVSS5.6AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.11 views

Wp Ultimate Review < 2.3.0 - Unauthenticated Review Restriction Bypass

Description The WP Ultimate Review plugin for WordPress is vulnerable to bypass review restrictions in all versions up to, and including, 2.2.5. This is due to the plugin not properly enforcing review restrictions. This makes it possible for unauthenticated attackers to review things multiple tim...

5.3CVSS6.8AI score0.00388EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.18 views

Multi Currency For WooCommerce < 1.5.6 - Missing Authorization

Description The Multi Currency For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the AddAdminAjaxAction function in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with subscriber-level acce...

4.3CVSS4.4AI score0.0046EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.16 views

Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the below code in...

8.3AI score0.00353EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.12 views

Ovic Responsive WPBakery <= 1.3.0 - Missing Authorization

Description The Ovic Responsive WPBakery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

5.4CVSS5.2AI score0.00387EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.11 views

Access Category Password <= 1.5.1 - Reflected Cross-Site Scripting

Description The Access Category Password plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.1CVSS6.4AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.18 views

Premium Addons for Elementor < 4.10.29 - Contributor+ Stored Cross-Site Scripting

Description The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.11 views

Barcode Scanner with Inventory & Order Manager < 1.5.4 - Missing Authorization

Description The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with subscriber-level access and...

6.3AI score0.00161EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.18 views

MyRewards < 5.3.1 - Missing Authorization

Description The MyRewards plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /assets/lws-adminpanel/include/internal/ajax.php file in versions up to, and including, 5.3.0. This makes it possible for authenticated attackers, with...

6.5CVSS6.5AI score0.00462EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.17 views

FileOrganizer and FileOrganizer Pro < 1.0.7 - Authenticated Stored Cross-Site Scripting

Description The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS6AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.19 views

Zero Spam < 5.5.7 - Spam Protection Bypass

Description The plugin is vulnerable to bypass, allowing unauthenticated attackers to bypass spam protections in place...

5.3CVSS9.5AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.17 views

WPC Frequently Bought Together for WooCommerce < 7.0.4 - Missing Authorization

Description The WPC Frequently Bought Together for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajaxgetsearchresults, ajaximportexport, and ajaximportexportsave functions in versions up to, and including, 7.0.3. This makes it...

4.3CVSS6.5AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.32 views

Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload

Description The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level acces...

9.9CVSS9.6AI score0.0065EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.18 views

Custom Order Statuses for WooCommerce <= 1.5.2 - Missing Authorization

Description The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, ...

4.3CVSS4.4AI score0.0046EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.10 views

Wp Ultimate Review < 2.3.0 - Unauthenticated Insecure Direct Object Reference

Description The WP Ultimate Review plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action...

7.5CVSS6.8AI score0.00464EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting

Description The Canva – Design beautiful blog graphics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.4AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.7 views

KODO Qiniu < 1.5.1 - Cross-Site Request Forgery

Description The KODO Qiniu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.5.1 exclusive. This is due to missing or incorrect nonce validation on the kodosettingpage function. This makes it possible for unauthenticated attackers to replace URLs via a forge...

6.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.18 views

WP Dummy Content Generator < 3.3.0 - Unauthenticated Code Injection

Description The WP Dummy Content Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 3.3.0 exclusive. This makes it possible for unauthenticated attackers to execute code on the server...

10CVSS9.8AI score0.00701EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.10 views

Shared Files < 1.7.17 - Missing Authorization to Notice Dismissal

Description The Shared Files plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processnotifications function in versions up to, and including, 1.7.16. This makes it possible for unauthenticated attackers to dismiss notices...

5.3CVSS6.7AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.15 views

TrackShip for WooCommerce < 1.7.6 - Missing Authorization

Description The TrackShip for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...

5.3CVSS6.6AI score0.00382EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.14 views

Custom Thank You Page Customize For WooCommerce by Binary Carpenter < 1.4.14 - Missing Authorization

Description The Custom Thank You Page Customize For WooCommerce by Binary Carpenter plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the activationcallback function in all versions up to, and including, 1.4.13. This makes it possible for authenticated...

4.3CVSS4.4AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.19 views

wpDiscuz < 7.6.16 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text

Description The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.15 views

Bulk Block Converter <= 1.0.1 - Reflected Cross-Site Scripting

Description The Bulk Block Converter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.4AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.16 views

WPC Grouped Product for WooCommerce < 4.4.3 - Missing Authorization

Description The WPC Grouped Product for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajaxupdatesearchsettings, ajaxgetplugins, and ajaxgetessentialkit functions in all versions up to, and including, 4.4.2. This makes it possible fo...

4.3CVSS4.4AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.17 views

Order Limit for WooCommerce < 2.0.1 - Missing Authorization

Description The Order Limit for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the saverules, savewcoloptions, xsollwcsupportform, and wcolloadnewrow functions in versions up to, and including, 2.0.0. This makes it possible for...

6.5CVSS6.6AI score0.00438EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.23 views

Theme My Login < 7.1.7 - Missing Authorization to Notice Dismissal

Description The Theme My Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tmladminajaxdismissnotice function in all versions up to, and including, 7.1.6. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS4.4AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.22 views

Wp Ultimate Review < 2.3.0 - Missing Authorization

Description The Wp Ultimate Review plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wurmetaboxcontentsave function in versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to leave reviews on password...

7.5CVSS6.9AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.17 views

Open Close WooCommerce Store < 4.9.2 - Missing Authorization

Description The Open Close WooCommerce Store – Best Business Schedules Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchactive and ajaxupdatetimezone functions in all versions up to, and including, 4.9.1. This makes...

4.3CVSS4.4AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.14 views

Send PDF for Contact Form 7 < 1.0.2.4 - Missing Authorization

Description The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download...

5.3CVSS6.7AI score0.00691EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.11 views

Related Posts for WordPress <= 4.0.3 - Cross-Site Request Forgery

Description The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.3. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.7AI score0.00253EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.9 views

Flash Video Player <= 5.0.4 - Cross-Site Request Forgery

Description The Flash Video Player plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action v...

6.4AI score0.00117EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.13 views

WP Social Comments < 1.7.4 - Missing Authorization via wpfc_allow_comments()

Description The WP Social Comments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcallowcomments function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.5AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.10 views

Royal Elementor Addons and Templates < 1.3.972 - Contributor+ DOM-Based Stored Cross-Site Scripting

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.5CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.13 views

Exclusive Addons for Elementor < 2.6.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action

Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.8 views

Exclusive Addons for Elementor < 2.6.9.4 - Contributor+ Stored Cross-Site Scripting

Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.19 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.19 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode

Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

8.8CVSS7.6AI score0.01405EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.19 views

Colibri Page Builder < 1.0.264 - Author+ Stored Cross-Site Scripting

Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00424EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.16 views

Prime Slider – Addons For Elementor < 3.14.1 - Contributor+ Stored Cross-Site Scripting

Description The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used i...

5.4CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.14 views

Rank Math SEO with AI SEO Tools < 1.0.217 - Contributor+ Stored Cross-Site Scripting via 'titleWrapper'

Description The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS5.9AI score0.00453EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.11 views

Colibri Page Builder < 1.0.272 - Contributor+ Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode

Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibribreadcrumbelement' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.9AI score0.00423EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603