CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32565 – WordPress App Builder plugin <= 3.8.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32565
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appcheap.Io App Builder allows Stored XSS.This issue affects App Builder: from n/a through 3.8.8. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Appcheap.Io App Builder permite almacenar XSS. Este problema afecta a App Builder: desde n/a hasta 3.8.8. The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/app-builder/wordpress-app-builder-plugin-3-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31933 – WordPress Page Builder: Live Composer plugin <= 1.5.35 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31933
Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.35. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Live Composer Team Page Builder: Live Composer. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.35. The Page Builder: Live Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.35. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-35-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6694 – Beaver Themer <= 1.4.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
https://notcve.org/view.php?id=CVE-2023-6694
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Beaver Themer para WordPress es vulnerable a Cross-Site Scripting Almacenado a través de los códigos cortos del complemento en todas las versiones hasta la 1.4.9 incluida debido a una sanitización de entrada insuficiente y a un escape de salida en los campos personalizados proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://www.wordfence.com/threat-intel/vulnerabilities/id/b8428a92-8b0a-4a9a-8f7e-571c252973c2?source=cve https://www.wpbeaverbuilder.com/change-logs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31272 – WordPress ARForms Form Builder plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31272
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Repute InfoSystems ARForms Form Builder. Este problema afecta a ARForms Form Builder: desde n/a hasta 1.6.1. The ARForms Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31270 – WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31270
Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. Vulnerabilidad de autorización faltante en Repute InfoSystems ARForms Form Builder. Este problema afecta a ARForms Form Builder: desde n/a hasta 1.6.1. The ARForms Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/arforms-form-builder/wordpress-arforms-form-builder-plugin-1-6-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •