CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50419 – WordPress Greenshift plugin <= 9.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-50419
Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7. La vulnerabilidad de autorización incorrecta en Wpsoul Greenshift – animation and page builder blocks permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los bloques de animación y creación de páginas Greenshift: desde n/a hasta 9.7. The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 9.7. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/greenshift-animation-and-page-builder-blocks/wordpress-greenshift-animation-and-page-builder-blocks-plugin-9-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50430 – Beaver Builder <= 2.8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-50430
The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50449 – WordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50449
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Stored XSS.This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.4. The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/pdf-generator-addon-for-elementor-page-builder/wordpress-pdf-generator-addon-for-elementor-page-builder-plugin-1-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49325 – WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability
https://notcve.org/view.php?id=CVE-2024-49325
Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. The Photo Gallery Builder plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function intended for users with higher level of privilege. • https://patchstack.com/database/vulnerability/photo-gallery-builder/wordpress-photo-gallery-builder-plugin-3-0-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49225 – WordPress wpPricing Builder plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49225
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Swebdeveloper wpPricing Builder allows Stored XSS.This issue affects wpPricing Builder: from n/a through 1.5.0. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en wpPricing Builder de Swebdeveloper permite XSS almacenado. Este problema afecta a wpPricing Builder: desde n/a hasta 1.5.0. The wpPricing Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wppricing-builder-lite-responsive-pricing-table-builder/wordpress-wppricing-builder-plugin-1-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •