CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31380 – WordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-31380
03 Apr 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3. La vulnerabilidad de control inadecuado de la generación de código ("inyección de código") en Soflyy Oxygen Builder permite la inyección de código. Este problema afecta a Oxygen Builder: desde n/a hasta 4.8.2. Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vend... • https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-plugin-4-8-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6938 – Oxygen Builder <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
https://notcve.org/view.php?id=CVE-2023-6938
05 Jan 2024 — The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an ... • https://oxygenbuilder.com/oxygen-4-8-1-now-available • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46841 – WordPress Oxygen Builder Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46841
20 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Soflyy Oxygen Builder en versiones <= 4.4. The Oxygen plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 4.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site admin... • https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-builder-plugin-4-6-2-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •