CVE-2023-0267 – Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0267
17 Apr 2023 — The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Ultimate Carousel For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.6 due to ins... • https://wpscan.com/vulnerability/7ba7849d-e07b-465a-bfb7-10c8186be140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-0268 – Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0268
17 Apr 2023 — The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Mega Addons For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 4.2.7 due to insufficient... • https://wpscan.com/vulnerability/99389641-ad1e-45c1-a42f-2a010ee22d76 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-0280 – Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0280
17 Apr 2023 — The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Ultimate Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block options in versions up to, and including, 2.1.7 due to insufficient input sanitization a... • https://wpscan.com/vulnerability/cb7ed9e6-0fa0-4ebb-9109-8f33defc8b32 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-4501 – Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update
https://notcve.org/view.php?id=CVE-2022-4501
14 Dec 2022 — The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings. • https://plugins.trac.wordpress.org/browser/mega-addons-for-visual-composer/tags/4.2.7/main.php#L87 • CWE-862: Missing Authorization •
CVE-2022-36798 – WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-36798
02 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress. The Mega Addons For WPBakery Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.7. This is due to missing or incorrect nonce v... • https://patchstack.com/database/vulnerability/mega-addons-for-visual-composer/wordpress-mega-addons-for-wpbakery-page-builder-plugin-4-2-7-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •