CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53797 – WordPress Beaver Builder – WordPress Page Builder plugin <= 2.8.4.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-53797
02 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3. The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject ar... • https://patchstack.com/database/wordpress/plugin/beaver-builder-lite-version/vulnerability/wordpress-beaver-builder-wordpress-page-builder-plugin-2-8-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53823 – WordPress The Plus Addons for Elementor plugin <= 5.6.14 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-53823
02 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14. The The Plus Addons for Elementor Page Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.6.14 due to insufficient input sanitization and output escaping. This makes it possib... • https://patchstack.com/database/wordpress/plugin/the-plus-addons-for-elementor-page-builder/vulnerability/wordpress-the-plus-addons-for-elementor-plugin-5-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52486 – WordPress Elementor Portfolio Builder plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-52486
19 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SolverWP Elementor Portfolio Builder allows DOM-Based XSS.This issue affects Elementor Portfolio Builder: from n/a through 1.0.0. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en SolverWP Elementor Portfolio Builder permite XSS basado en DOM. Este problema afecta a Elementor Portfolio Builder: desde n/a hasta 1.0.0. The Elementor P... • https://patchstack.com/database/wordpress/plugin/portfolio-builder-elementor/vulnerability/wordpress-elementor-portfolio-builder-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52423 – WordPress Themify Builder plugin <= 7.6.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-52423
13 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS.This issue affects Themify Builder: from n/a through 7.6.3. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Themify Themify Builder permite XSS almacenado. Este problema afecta a Themify Builder: desde n/a hasta 7.6.3. The Themify Builder plugin for WordPress is vulnerable to Sto... • https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51682 – WordPress HT Builder – WordPress Theme Builder for Elementor plugin <= 1.3.0 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51682
01 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor allows Stored XSS.This issue affects HT Builder – WordPress Theme Builder for Elementor: from n/a through 1.3.0. The HT Builder – WordPress Theme Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This mak... • https://patchstack.com/database/vulnerability/ht-builder/wordpress-ht-builder-wordpress-theme-builder-for-elementor-plugin-1-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50527 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50527
30 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.2.3. This makes it possible for unauthenticated attackers to upload arbit... • https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50528 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-50528
30 Oct 2024 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.3. This makes it possible for unauthenticated attackers to extract sensiti... • https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50516 – WordPress Countdown & Clock plugin <= 2.8.0.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50516
28 Oct 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock allows Stored XSS.This issue affects Countdown & Clock: from n/a through 2.8.0.9. The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers... • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-8-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50477 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-50477
25 Oct 2024 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.2.3. This is due to the plugin not properly verifying a user's identity prior to authent... • https://github.com/RandomRobbieBF/CVE-2024-50477 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50417 – WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-50417
24 Oct 2024 — Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3. The Bold Page Builder plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 5.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function. • https://patchstack.com/database/vulnerability/bold-page-builder/wordpress-bold-page-builder-plugin-5-1-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •