cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-36839,https://securityvulnerability.io/vulnerability/CVE-2020-36839,Lead Plus X plugin vulnerable to Cross-Site Request Forgery,"The WP Lead Plus X plugin for WordPress features a Cross-Site Request Forgery vulnerability, primarily present in versions up to 0.99. This vulnerability arises from inadequate nonce validation across various functions, enabling potential attackers to exploit the flaw. By deceiving an authorized site administrator into clicking a malicious link, attackers can perform unauthorized administrative actions, including injecting harmful JavaScript or modifying site content without consent.",Wordpress,WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X,8.3,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-10-16T06:43:45.081Z,0
CVE-2024-1793,https://securityvulnerability.io/vulnerability/CVE-2024-1793,"AWeber Plugin Vulnerable to SQL Injection, Puts Sensitive Data at Risk","The AWeber – Free Sign Up Form and Landing Page Builder Plugin for WordPress is susceptible to a SQL Injection vulnerability through the 'post_id' parameter. This issue arises from inadequate escaping of user-supplied parameters and insufficient preparation in the SQL query. Authenticated attackers with administrator-level access can exploit this weakness to inject additional SQL commands into existing queries, potentially accessing and extracting sensitive information from the database, thereby compromising the security of users' data and the integrity of the application.",Wordpress,Aweber – Free Sign Up Form And Landing Page Builder Plugin For Lead Generation And Email Newsletter Growth,7.2,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-13T15:27:24.266Z,0
CVE-2023-6880,https://securityvulnerability.io/vulnerability/CVE-2023-6880,Stored Cross-Site Scripting Vulnerability in Visual Composer Plugin for WordPress,"The Visual Composer plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability caused by inadequate input sanitization and output escaping. This affects all versions up to 45.6.0, allowing authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts. These injected scripts will execute whenever users access the compromised pages, potentially hijacking sessions, defacing websites, or spreading malware. Website administrators must ensure they upgrade to the latest version and implement proper input validation measures to safeguard against this vulnerability.",Wordpress,"Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-03-13T15:26:52.043Z,0
CVE-2024-1072,https://securityvulnerability.io/vulnerability/CVE-2024-1072,Unauthorized Modification of Data in Website Builder Plugin for WordPress,"The Website Builder by SeedProd, especially its Theme Builder and various page-building functionalities, contains a vulnerability that allows unauthorized modification of data. This issue arises from a missing capability check in the seedprod_lite_new_lpage function, present in all versions up to and including 6.15.21. As a result, unauthenticated attackers can manipulate critical web content, including coming-soon, maintenance, login, and 404 pages. Although version 6.15.22 addresses this vulnerability, it inadvertently introduces a bug impacting the functionality of admin pages. Users are advised to upgrade to version 6.15.23 to mitigate security risks effectively.",Wordpress,"Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode",7.5,HIGH,0.0005600000149570405,false,,false,false,false,,,false,false,,2024-02-05T21:21:50.961Z,0
CVE-2023-7019,https://securityvulnerability.io/vulnerability/CVE-2023-7019,Unauthorized Data Modification in LightStart Plugin for WordPress,"The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress has a security flaw that enables authenticated users, including those with subscriber-level access, to modify page designs. This issue arises from a missing capability check in the insert_template function, exposing the plugin to potential unauthorized data alterations across all versions up to and including 2.6.8.",Wordpress,"LightStart – Maintenance Mode, Coming Soon and Landing Page Builder",4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-01-11T08:32:53.047Z,0
CVE-2023-48325,https://securityvulnerability.io/vulnerability/CVE-2023-48325,WordPress Landing Page Builder Plugin <= 1.5.1.5 is vulnerable to Open Redirection,"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages. This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5.",Wordpress,Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages,4.7,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-12-07T12:15:00.000Z,0
CVE-2020-36722,https://securityvulnerability.io/vulnerability/CVE-2020-36722,Cross-Site Scripting Vulnerability in Visual Composer Plugin for WordPress,"The Visual Composer plugin for WordPress, in its versions up to and including 26.0, has a vulnerability that allows attackers to exploit insufficient input sanitization and output escaping. This Cross-Site Scripting (XSS) issue can let attackers inject malicious web scripts that run in the browser of unwitting users, potentially leading to data theft or unauthorized actions on the affected site. Website owners using this plugin should apply the necessary patches and updates to safeguard against such threats.",Wordpress,"Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages",5.5,MEDIUM,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-06-07T01:51:42.848Z,0
CVE-2022-4718,https://securityvulnerability.io/vulnerability/CVE-2022-4718,Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode,"The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Landing Page Builder,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-23T14:32:00.887Z,0
CVE-2021-25067,https://securityvulnerability.io/vulnerability/CVE-2021-25067,Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS),The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.,Wordpress,Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages,5.4,MEDIUM,0.002050000010058284,false,,false,false,false,,,false,false,,2022-01-17T13:00:41.000Z,0