CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26769 – WordPress Vertex Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26769
14 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilia Inc. Vertex Addons for Elementor allows Stored XSS. This issue affects Vertex Addons for Elementor: from n/a through 1.2.0. The Vertex Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces... • https://patchstack.com/database/wordpress/plugin/addons-for-elementor-builder/vulnerability/wordpress-vertex-addons-for-elementor-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25077 – WordPress Easy Chart Builder for WordPress plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-25077
03 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3. The Easy Chart Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level ... • https://patchstack.com/database/wordpress/plugin/easy-chart-builder/vulnerability/wordpress-easy-chart-builder-for-wordpress-plugin-1-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23989 – WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-23989
27 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi - SabLab Internal Link Builder allows Cross Site Request Forgery. This issue affects Internal Link Builder: from n/a through 1.0. The Internal Link Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a ... • https://patchstack.com/database/wordpress/plugin/internal-link-builder/vulnerability/wordpress-internal-link-builder-plugin-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24672 – WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-24672
24 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodePeople Form Builder CP allows SQL Injection. This issue affects Form Builder CP: from n/a through 1.2.41. The Form Builder CP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contribu... • https://patchstack.com/database/wordpress/plugin/cp-easy-form-builder/vulnerability/wordpress-form-builder-cp-plugin-1-2-41-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24722 – WordPress FAQ Builder AYS Plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24722
24 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in F.A.Q Builder Team FAQ Builder AYS allows Stored XSS. This issue affects FAQ Builder AYS: from n/a through 1.7.3. The FAQ Builder AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbit... • https://patchstack.com/database/wordpress/plugin/faq-builder-ays/vulnerability/wordpress-faq-builder-ays-plugin-1-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24616 – WordPress Uix Page Builder Plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24616
20 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder allows Reflected XSS. This issue affects Uix Page Builder: from n/a through 1.7.3. The Uix Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute ... • https://patchstack.com/database/wordpress/plugin/uix-page-builder/vulnerability/wordpress-uix-page-builder-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23651 – WordPress Scroll Top plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23651
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Scroll Top allows Reflected XSS. This issue affects Scroll Top: from n/a through 1.3.3. The Scroll Top – WordPress Scroll to Top plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that ... • https://patchstack.com/database/wordpress/plugin/scroll-to-top-builder/vulnerability/wordpress-scroll-top-plugin-1-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22759 – WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22759
14 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.4. The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.27.5 due to insufficient input sanitizat... • https://patchstack.com/database/wordpress/plugin/post-and-page-builder/vulnerability/wordpress-post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-plugin-1-27-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22560 – WordPress Saoshyant Page Builder plugin <= 3.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-22560
07 Jan 2025 — Missing Authorization vulnerability in Saoshyant.1994 Saoshyant Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Saoshyant Page Builder: from n/a through 3.8. The Saoshyant Page Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.8. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/saoshyant-page-builder/vulnerability/wordpress-saoshyant-page-builder-plugin-3-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22810 – WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22810
07 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CBB Team Content Blocks Builder allows Stored XSS.This issue affects Content Blocks Builder: from n/a through 2.7.6. The Content Blocks Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje... • https://patchstack.com/database/wordpress/plugin/content-blocks-builder/vulnerability/wordpress-content-blocks-builder-plugin-2-7-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •