Extendthemes

Colibri Page Builder

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-3337

  • EPSS 0.23%
  • Veröffentlicht 02.05.2024 17:15:24
  • Zuletzt bearbeitet 28.01.2025 18:10:03

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escapin...

5.4

CVE-2024-2839

  • EPSS 0.19%
  • Veröffentlicht 02.04.2024 07:16:12
  • Zuletzt bearbeitet 28.01.2025 18:11:04

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on use...

4.3

CVE-2024-28004

  • EPSS 0.11%
  • Veröffentlicht 28.03.2024 06:15:11
  • Zuletzt bearbeitet 28.01.2025 18:12:55

Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.

4.3

CVE-2024-1870

  • EPSS 0.07%
  • Veröffentlicht 09.03.2024 10:15:06
  • Zuletzt bearbeitet 28.01.2025 18:13:19

The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for a...

4.3

CVE-2024-1362

  • EPSS 0.09%
  • Veröffentlicht 23.02.2024 11:15:08
  • Zuletzt bearbeitet 15.01.2025 18:40:30

The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possib...

4.3

CVE-2024-1361

  • EPSS 0.09%
  • Veröffentlicht 23.02.2024 11:15:08
  • Zuletzt bearbeitet 15.01.2025 18:39:23

The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauth...

5.4

CVE-2023-6988

  • EPSS 0.22%
  • Veröffentlicht 11.01.2024 09:15:53
  • Zuletzt bearbeitet 03.06.2025 14:15:41

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on...

5.4

CVE-2023-50833

Exploit
  • EPSS 0.16%
  • Veröffentlicht 21.12.2023 18:15:08
  • Zuletzt bearbeitet 21.11.2024 08:37:22

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through 1.0.239.

4.9

CVE-2023-2188

  • EPSS 0.29%
  • Veröffentlicht 31.08.2023 06:15:08
  • Zuletzt bearbeitet 21.11.2024 07:58:06

The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...