Page Builder Security Vulnerabilities and Issues — Page Builder CVE List

Lucene search

WpbakeryPage Builder

8 matches found

CVE•added 2020/11/16 4:15 a.m.•113 views

CVE-2020-28650

The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.

6.4CVSS5.2AI score0.00154EPSS

CVE•added 2024/05/02 5:15 p.m.•105 views

CVE-2024-1841

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher...

6.4CVSS5.8AI score0.00144EPSS

CVE•added 2023/06/22 11:15 a.m.•93 views

CVE-2023-31213

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin

6.5CVSS5.5AI score0.00105EPSS

CVE•added 2024/05/02 5:15 p.m.•65 views

CVE-2024-1840

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or highe...

6.4CVSS5.8AI score0.00144EPSS

CVE•added 2024/05/02 5:15 p.m.•64 views

CVE-2024-1805

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher...

6.4CVSS5.8AI score0.00144EPSS

CVE•added 2024/05/02 5:15 p.m.•57 views

CVE-2024-1842

The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or hi...

6.4CVSS5.8AI score0.00157EPSS

CVE•added 2024/08/29 6:15 p.m.•36 views

CVE-2024-43953

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows Stored XSS.This issue affects Classic Addons – WPBakery Page Builder: from n/a through 3.0.

6.5CVSS6.2AI score0.00064EPSS

CVE•added 2025/06/19 7:15 a.m.•9 views

CVE-2025-4965

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible ...

6.4CVSS5.7AI score0.00034EPSS