Lucene search

K
ExtendthemesColibri Page Builder

6 matches found

CVE
CVE
added 2024/01/11 9:15 a.m.60 views

CVE-2023-6988

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.2AI score0.00164EPSS
CVE
CVE
added 2024/04/02 7:16 a.m.44 views

CVE-2024-2839

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'heading_type'. Thi...

6.4CVSS7.6AI score0.00142EPSS
CVE
CVE
added 2024/05/02 5:15 p.m.42 views

CVE-2024-3337

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it poss...

6.4CVSS5.7AI score0.00229EPSS
CVE
CVE
added 2024/06/06 11:15 a.m.41 views

CVE-2024-5038

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att...

6.4CVSS5.5AI score0.00169EPSS
CVE
CVE
added 2024/06/07 7:15 a.m.38 views

CVE-2024-4451

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.5AI score0.00224EPSS
CVE
CVE
added 2023/12/21 6:15 p.m.34 views

CVE-2023-50833

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through 1.0.239.

6.5CVSS5.9AI score0.00155EPSS