3 results (0.005 seconds)

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.42. Vulnerabilidad de deserialización de datos no confiables en Live Composer Team Page Builder: Live Composer. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.42. The Page Builder: Live Composer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.42 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-42-contributor-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.38. Vulnerabilidad de autorización faltante en Live Composer Team Page Builder: Live Composer. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.38. The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslc_ajax_add_module() function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with author-level access and above, to add modules. • https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-38-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.35. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Live Composer Team Page Builder: Live Composer. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.35. The Page Builder: Live Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.35. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-35-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •