CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30453 – WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30453
Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Brave Brave Popup Builder. Este problema afecta a Brave Popup Builder: desde n/a hasta 0.6.5. The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.6.5. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-plugin-0-6-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30452 – WordPress Landing Page Builder plugin <= 1.5.1.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30452
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Stored XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.7. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ("cross-site Scripting") en PluginOps Landing Page Builder permite XSS almacenado. Este problema afecta a Landing Page Builder: desde n/a hasta 1.5.1.7. The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.5.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/page-builder-add/wordpress-landing-page-builder-plugin-1-5-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2951 – WordPress RegistrationMagic plugin <= 5.3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-2951
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.3.0.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Metagauss RegistrationMagic. Este problema afecta a RegistrationMagic: desde n/a hasta 5.3.0.0. The RegistrationMagic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.0.0. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-3-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28004 – WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-28004
Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. Vulnerabilidad de autorización faltante en ExtendThemes Colibri Page Builder. Este problema afecta a Colibri Page Builder: desde n/a hasta 1.0.248. The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_colibri_page_builder_wpmu_setting AJAX action in all versions up to, and including, 1.0.248. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify settings. • https://patchstack.com/database/vulnerability/colibri-page-builder/wordpress-colibri-page-builder-plugin-1-0-248-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2888 – WordPress Post and Page Builder by BoldGrid plugin <= 1.26.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-2888
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en BoldGrid Post y Page Builder de BoldGrid: el editor visual de arrastrar y soltar permite almacenar XSS. Este problema afecta a Post y Page Builder de BoldGrid: editor visual de arrastrar y soltar : desde n/a hasta 1.26.2. The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Block HTML in all versions up to, and including, 1.26.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/post-and-page-builder/wordpress-post-and-page-builder-by-boldgrid-plugin-1-26-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •