CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56286 – WordPress Classic Addons – WPBakery Page Builder plugin <= 3.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-56286
03 Jan 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Classic Addons – WPBakery Page Builder: from n/a through 3.0. Vulnerabilidad de limitación incorrecta de una ruta a un directorio restringido ('Path Traversal') en Classic Addons Classic Addons – WPBakery Page Builder permite la inclusión de archivos locales PHP. Este problema afecta a Classic Addons – WPBaker... • https://patchstack.com/database/wordpress/plugin/classic-addons-wpbakery-page-builder-addons/vulnerability/wordpress-classic-addons-wpbakery-page-builder-plugin-3-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56298 – WordPress Pretty Simple Popup Builder Plugin <= 1.0.9 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56298
03 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through 1.0.9. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en 5 Star Plugins Pretty Simple Popup Builder permite XSS almacenado. Este problema afecta a Pretty Simple Popup Builder: desde n/a hasta 1.0.9. The Pretty S... • https://patchstack.com/database/wordpress/plugin/pretty-simple-popup-builder/vulnerability/wordpress-pretty-simple-popup-builder-plugin-1-0-9-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56216 – WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-56216
19 Dec 2024 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3. Vulnerabilidad de control inadecuado del nombre de archivo para la declaración Include/Require en el programa PHP ('Inclusión de archivo remoto PHP') en Themify Themify Builder permite la inclusión de archivos locales PHP. Este problema afecta a Themify Builder: desde n/a ha... • https://patchstack.com/database/wordpress/plugin/themify-builder/vulnerability/wordpress-themify-builder-plugin-7-6-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55983 – WordPress PowerFormBuilder plugin <= 1.0.6 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-55983
14 Dec 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Derek Hamilton PowerFormBuilder allows SQL Injection.This issue affects PowerFormBuilder: from n/a through 1.0.6. The PowerFormBuilder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subs... • https://patchstack.com/database/wordpress/plugin/power-forms-builder/vulnerability/wordpress-powerformbuilder-plugin-1-0-6-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54382 – WordPress Bold Page Builder plugin <= 5.1.5 - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-54382
11 Dec 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5. The Bold Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.1.5. This makes it possible for authenticated attackers, with Editor-level access and above, to include .txt files outside of the originally intended directory. • https://patchstack.com/database/wordpress/plugin/bold-page-builder/vulnerability/wordpress-bold-page-builder-plugin-5-1-5-path-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54276 – WordPress Poll Builder plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54276
11 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felix Moira Poll Builder allows Stored XSS.This issue affects Poll Builder: from n/a through 1.3.5. The Poll Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in... • https://patchstack.com/database/wordpress/plugin/poll-builder/vulnerability/wordpress-poll-builder-plugin-1-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-54369 – WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability
https://notcve.org/view.php?id=CVE-2024-54369
11 Dec 2024 — Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2. The Zita Site Builder plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins. • https://github.com/RandomRobbieBF/CVE-2024-54369 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54223 – WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-54223
05 Dec 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through 1.7.1. The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.7.1. This is due to the plugin not properly sanitizing and escaping data. This makes it possible for unauthenticated att... • https://patchstack.com/database/wordpress/plugin/arforms-form-builder/vulnerability/wordpress-arforms-plugin-1-7-1-html-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53801 – WordPress Bold Page Builder plugin <= 5.2.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-53801
02 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.2.1. The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary ... • https://patchstack.com/database/wordpress/plugin/bold-page-builder/vulnerability/wordpress-bold-page-builder-plugin-5-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53808 – WordPress NEX-Forms plugin <= 8.7.8 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-53808
02 Dec 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8. The NEX-Forms – Ultimate Form Builder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possi... • https://patchstack.com/database/wordpress/plugin/nex-forms-express-wp-form-builder/vulnerability/wordpress-nex-forms-plugin-8-7-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •