
CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Mar 2024 — The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/ultimate-addons-for-beaver-builder-lite/trunk/modules/info-table/includes/frontend.php#L29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Mar 2024 — The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056561%40ultimate-addons-for-beaver-builder-lite&new=3056561%40ultimate-addons-for-beaver-builder-lite&sfp_email=&sfph_mail=#file2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Mar 2024 — The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/ultimate-addons-for-beaver-builder-lite/trunk/modules/image-separator/includes/frontend.php#L14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Mar 2024 — The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://themes.trac.wordpress.org/changeset/221725/astra • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Mar 2024 — The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset?old_path=/bb-bootstrap-cards/tags/1.1.2&old=3056277&new_path=/bb-bootstrap-cards/tags/1.1.3&new=3056277&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Mar 2024 — The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.24/inc/widgets-manager/widgets/class-navigation-menu.php#L1951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS. This issue affects WP Remote Site Search: from n/a through 1.0.4. The WP Remote Site Search plu... • https://patchstack.com/database/vulnerability/wp-remote-site-search/wordpress-wp-remote-site-search-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder. This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17. The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v... • https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

05 Dec 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1. The Astra Pro Addon plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.3.1 via the ast-advanced-hook-php-code meta field. This makes i... • https://patchstack.com/database/vulnerability/astra-addon/wordpress-astra-pro-plugin-4-3-1-contributor-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

05 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS. This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9. • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')