cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4451,https://securityvulnerability.io/vulnerability/CVE-2024-4451,Stored Cross-Site Scripting Vulnerability in Colibri Page Builder Plugin,"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Colibri Page Builder,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-07T06:52:21.626Z,0
CVE-2024-5038,https://securityvulnerability.io/vulnerability/CVE-2024-5038,Stored Cross-Site Scripting Vulnerability in Colibri Page Builder Plugin,"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Colibri Page Builder,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-06-06T11:03:02.821Z,0
CVE-2024-3340,https://securityvulnerability.io/vulnerability/CVE-2024-3340,Stored Cross-Site Scripting Vulnerability in Colibri Page Builder Plugin,"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Colibri Page Builder,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:52.335Z,0
CVE-2024-3337,https://securityvulnerability.io/vulnerability/CVE-2024-3337,Stored Cross-Site Scripting Vulnerability in Colibri Page Builder Plugin for WordPress,"The Colibri Page Builder plugin for WordPress poses a vulnerability due to inadequate input sanitization and output escaping associated with the 'colibri_breadcrumb_element' shortcode. This flaw allows authenticated users, with contributor-level access or higher, to inject malicious web scripts into pages. These scripts execute when a user views the manipulated page, potentially compromising user data and site integrity.",Wordpress,Colibri Page Builder,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:32.076Z,0
CVE-2024-3338,https://securityvulnerability.io/vulnerability/CVE-2024-3338,Stored Cross-Site Scripting Vulnerability in Colibri Page Builder Plugin for WordPress,"The Colibri Page Builder plugin for WordPress has a vulnerability that allows authenticated attackers with author-level access or higher to execute arbitrary web scripts. This is due to inadequate sanitization of the image alt data parameter, which can lead to Stored Cross-Site Scripting attacks. When a user visits an infected page, the injected scripts can execute, potentially compromising user data and website integrity. Immediate remediation and updating are essential to safeguard against such attacks.",Wordpress,Colibri Page Builder,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:59.650Z,0
CVE-2024-2839,https://securityvulnerability.io/vulnerability/CVE-2024-2839,Stored Cross-Site Scripting Vulnerability in Colibri Page Builder Plugin,"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'heading_type'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Colibri Page Builder,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-02T07:16:00.000Z,0
CVE-2024-1870,https://securityvulnerability.io/vulnerability/CVE-2024-1870,Unauthorized Modification of Data in Colibri Page Builder Plugin for WordPress,"The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.",Wordpress,Colibri Page Builder,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-09T09:37:46.628Z,0
CVE-2024-1362,https://securityvulnerability.io/vulnerability/CVE-2024-1362,Cross-Site Request Forgery Vulnerability in Colibri Page Builder Plugin for WordPress,"The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Colibri Page Builder,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-23T11:03:46.451Z,0
CVE-2024-1361,https://securityvulnerability.io/vulnerability/CVE-2024-1361,Cross-Site Request Forgery Vulnerability Affects Colibri Page Builder Plugin for WordPress,"The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Colibri Page Builder,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-23T11:03:45.823Z,0
CVE-2023-6988,https://securityvulnerability.io/vulnerability/CVE-2023-6988,Stored Cross-Site Scripting Vulnerability in Colibri Page Builder for WordPress,"The Colibri Page Builder plugin for WordPress is susceptible to a Stored Cross-Site Scripting flaw that arises from inadequate input sanitization and output escaping of user-supplied attributes within the plugin's extend_builder_render_js shortcode. As a result, authenticated attackers who possess contributor-level permissions or higher can exploit this vulnerability to inject arbitrary web scripts into web pages. These scripts will execute whenever users access the affected pages, posing significant security risks for any site utilizing this plugin.",Wordpress,Colibri Page Builder,5.4,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2024-01-11T08:32:30.935Z,0
CVE-2023-2188,https://securityvulnerability.io/vulnerability/CVE-2023-2188,SQL Injection in Colibri Page Builder for WordPress,"The Colibri Page Builder for WordPress contains a vulnerability that allows authenticated attackers with administrator privileges to exploit SQL Injection via the 'post_id' parameter. This occurs due to inadequate escaping of the user-supplied input and insufficient preparation of the SQL query. As a result, attackers can append additional SQL commands to existing queries, potentially leading to the extraction of sensitive information from the underlying database.",Wordpress,Colibri Page Builder,7.2,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0