CVE-2022-3830
- EPSS 0.23%
- Veröffentlicht 05.12.2022 17:15:10
- Zuletzt bearbeitet 24.04.2025 14:15:35
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa...
CVE-2022-40963
- EPSS 0.18%
- Veröffentlicht 18.11.2022 23:15:24
- Zuletzt bearbeitet 21.11.2024 07:22:18
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress.
CVE-2021-24207
- EPSS 0.17%
- Veröffentlicht 05.04.2021 19:15:17
- Zuletzt bearbeitet 21.11.2024 05:52:35
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.
CVE-2021-24208
- EPSS 0.42%
- Veröffentlicht 05.04.2021 19:15:17
- Zuletzt bearbeitet 21.11.2024 05:52:35
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires ...