cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12104,https://securityvulnerability.io/vulnerability/CVE-2024-12104,Unauthorized Data Deletion in Atarim Plugin for WordPress,"The Atarim plugin for WordPress is affected by a lack of proper capability checks in critical file handling functions, specifically wpf_delete_file and wpf_delete_file. This deficiency permits unauthenticated users to delete project-related pages and files, potentially leading to significant data loss. All versions up to and including 4.0.9 are impacted, highlighting the need for urgent attention and remediation.",Wordpress,"Visual Website Collaboration, Feedback & Project Management – Atarim",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-21T09:21:10.182Z,0
CVE-2024-10175,https://securityvulnerability.io/vulnerability/CVE-2024-10175,Pricing Tables Vulnerable to Stored Cross-Site Scripting,"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Pricing Tables For WPbakery Page Builder (formerly Visual Composer),6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-27T06:41:28.887Z,0
CVE-2024-10172,https://securityvulnerability.io/vulnerability/CVE-2024-10172,Stored XSS Vulnerability in Visual Composer Plugin,"The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes within the plugin's void_wbwhmcse_laouts_search shortcode. This vulnerability is present in all versions up to and including 1.0.4. It enables authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute when users access the compromised page, potentially compromising the integrity of user sessions and data.",Wordpress,WPbakery Visual Composer Whmcs Elements,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-21T02:06:45.218Z,0
CVE-2024-8047,https://securityvulnerability.io/vulnerability/CVE-2024-8047,Unprotected CSRF Vulnerability in Visual Sound WordPress Plugin,"The Visual Sound plugin for WordPress, up to version 1.06, is susceptible to Cross-Site Request Forgery (CSRF) vulnerabilities. The absence of adequate CSRF checks during the settings update process allows attackers to exploit this flaw. By leveraging malicious requests, an attacker can manipulate an authenticated administrator's settings without their consent. This vulnerability underscores the importance of implementing CSRF protection measures to guard against unauthorized modifications and maintain the integrity of WordPress sites.",Wordpress,Visual Sound,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-09-17T06:15:00.000Z,0
CVE-2024-7859,https://securityvulnerability.io/vulnerability/CVE-2024-7859,Plugin Vulnerability Could Allow CSRF Admin Changes,"The Visual Sound plugin for WordPress lacks adequate CSRF protection in its updates, enabling attackers to potentially manipulate settings without proper authorization. This vulnerability can be exploited when a logged-in administrator interacts with a malicious webpage, leading to unintended changes within the plugin’s configuration.",Wordpress,Visual Sound,6.5,MEDIUM,0.0004799999878741801,false,,false,false,true,true,false,false,2024-09-12T06:00:05.954Z,0
CVE-2024-7621,https://securityvulnerability.io/vulnerability/CVE-2024-7621,"Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update","The Atarim Visual Website Collaboration plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check in the process_wpfeedback_misc_options() function. This vulnerability affects all versions up to and including 4.0.2, enabling authenticated users with Subscriber-level access or higher to modify plugin settings. Attackers may exploit this weakness to manipulate the plugin's configuration, posing significant risks to the integrity of the site and its collaboration features. It is essential for users to update to the latest version and implement stringent access control measures to mitigate these risks.",Wordpress,"Visual Website Collaboration, Feedback & Project Management – Atarim",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-5709,https://securityvulnerability.io/vulnerability/CVE-2024-5709,Plugin Vulnerability: Local File Inclusion in WPBakery Visual Composer,"The WPBakery Visual Composer plugin for WordPress is exposed to a Local File Inclusion vulnerability impacting all versions up to and including 7.7. Exploitation of this vulnerability could allow authenticated attackers, specifically those with Author-level access or higher, to include arbitrary files on the server via the 'layout_name' parameter. Given that these attackers also possess post permissions granted by an Administrator, they can execute PHP code embedded in these files, potentially leading to unauthorized access, data leakage, and significant risks to the integrity of the website. This issue underscores the importance of maintaining up-to-date plugin versions and implementing strict user permissions.",Wordpress,WPbakery Visual Composer,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,2024-08-06T05:31:59.492Z,0
CVE-2024-5708,https://securityvulnerability.io/vulnerability/CVE-2024-5708,Stored Cross-Site Scripting Vulnerability Affects WPBakery Visual Composer Plugin,"The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-06T05:31:58.857Z,0
CVE-2024-6848,https://securityvulnerability.io/vulnerability/CVE-2024-6848,Stored Cross-Site Scripting Vulnerability Affects BoldGrid Post and Page Builder,"The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,Post And Page Builder By Boldgrid – Visual Drag And Drop Editor,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-20T11:18:27.812Z,0
CVE-2024-5265,https://securityvulnerability.io/vulnerability/CVE-2024-5265,Stored Cross-Site Scripting Vulnerability in WPBakery Visual Composer,"The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-13T06:42:51.823Z,0
CVE-2024-2793,https://securityvulnerability.io/vulnerability/CVE-2024-2793,Stored Cross-Site Scripting Vulnerability in Atarim Plugin for WordPress,"The Atarim Visual Website Collaboration, Feedback & Project Management plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting through comments. This security flaw exists in all versions up to and including 3.30, where improper sanitization of user inputs allows malicious actors to inject arbitrary web scripts. These scripts may execute whenever a user accesses the compromised page, posing significant risks to user security and website integrity.",Wordpress,"Visual Website Collaboration, Feedback & Project Management – Atarim",7.2,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2024-05-31T04:31:43.112Z,0
CVE-2024-2038,https://securityvulnerability.io/vulnerability/CVE-2024-2038,Unauthorized Access Vulnerability in Atarim Plugin for WordPress,"The Atarim plugin for WordPress, which facilitates visual collaboration and project management, is exposed to unauthorized access vulnerabilities across all versions up to and including 3.22.6. This security flaw arises from the implementation of hardcoded credentials, which are used to authenticate incoming API requests. As a consequence, malicious actors can exploit this vulnerability to gain unauthorized access, enabling them to alter plugin configurations, delete posts, change post titles, and upload arbitrary images. Website administrators are urged to update to the latest version of the Atarim plugin to mitigate this significant security risk.",Wordpress,"Visual Website Collaboration, Feedback & Project Management – Atarim",7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-23T06:46:02.833Z,0
CVE-2024-4400,https://securityvulnerability.io/vulnerability/CVE-2024-4400,Stored Cross-Site Scripting Vulnerability in BoldGrid Post and Page Builder,"The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Post And Page Builder By Boldgrid – Visual Drag And Drop Editor,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-16T11:05:29.134Z,0
CVE-2024-3750,https://securityvulnerability.io/vulnerability/CVE-2024-3750,Unauthorized Data Modification Vulnerability in The Visualizer's Tables and Charts Manager for WordPress Plugin,"The Visualizer: Tables and Charts Manager for WordPress plugin is susceptible to unauthorized modifications and data retrieval due to a missing capability check in the getQueryData() function. All versions up to and including 3.10.15 are impacted, allowing authenticated attackers with subscriber-level access and above to execute arbitrary SQL queries. This vulnerability poses significant risks, including privilege escalation, thereby compromising the integrity and security of the WordPress site. Prompt updates and security measures are essential to mitigate potential threats associated with this vulnerability.",Wordpress,Visualizer: Tables And Charts Manager For WordPress,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-16T02:36:48.950Z,0
CVE-2024-2846,https://securityvulnerability.io/vulnerability/CVE-2024-2846,Stored Cross-Site Scripting Vulnerability Affects Visual Footer Credit Remover Plugin for WordPress,"The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Visual Footer Credit Remover,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:21:00.000Z,0
CVE-2024-1840,https://securityvulnerability.io/vulnerability/CVE-2024-1840,Stored Cross-Site Scripting Vulnerability Affects wpbakery Plugin,"The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:39.691Z,0
CVE-2024-1805,https://securityvulnerability.io/vulnerability/CVE-2024-1805,Stored Cross-Site Scripting Vulnerability in WPBakery Plugin for WordPress,"The WPBakery plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability that arises from inadequate input sanitization and output escaping in the button onclick attribute. This flaw impacts all versions up to and including 7.5, enabling authenticated attackers with contributor privileges or higher to inject arbitrary scripts into webpages. Consequently, any user visiting an affected page may unwittingly execute malicious web scripts, potentially compromising their security.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:15.985Z,0
CVE-2024-1842,https://securityvulnerability.io/vulnerability/CVE-2024-1842,Stored Cross-Site Scripting Vulnerability in WPBakery Plugin for WordPress,"The WPBakery Page Builder plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability. This flaw arises from inadequate input sanitization and output escaping concerning the Custom Heading tag attribute. Authenticated users with contributor privileges or higher can exploit this weakness to inject malicious web scripts into pages. These scripts execute whenever users visit the compromised pages, leading to potential data theft or other malicious actions. It's critical for website administrators to update to the latest version to mitigate the risks associated with this vulnerability.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:12.201Z,0
CVE-2024-1841,https://securityvulnerability.io/vulnerability/CVE-2024-1841,Stored Cross-Site Scripting Vulnerability in WPBakery Plugin for WordPress,"The WPBakery plugin for WordPress is susceptible to Stored Cross-Site Scripting due to flawed input sanitization and output escaping in the Post Title tag attribute. This vulnerability allows authenticated attackers, possessing contributor access or higher, to embed malicious scripts that can be executed when users view the affected pages. All versions up to and including 7.5 are at risk, potentially compromising the security of websites that utilize this plugin.",Wordpress,WPbakery Visual Composer,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:51:58.288Z,0
CVE-2023-6880,https://securityvulnerability.io/vulnerability/CVE-2023-6880,Stored Cross-Site Scripting Vulnerability in Visual Composer Plugin for WordPress,"The Visual Composer plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability caused by inadequate input sanitization and output escaping. This affects all versions up to 45.6.0, allowing authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts. These injected scripts will execute whenever users access the compromised pages, potentially hijacking sessions, defacing websites, or spreading malware. Website administrators must ensure they upgrade to the latest version and implement proper input validation measures to safeguard against this vulnerability.",Wordpress,"Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:26:52.043Z,0
CVE-2023-0368,https://securityvulnerability.io/vulnerability/CVE-2023-0368,Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS,"The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Responsive Tabs For WPbakery Page Builder (formerly Visual Composer),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2023-06-19T11:15:00.000Z,0
CVE-2020-36722,https://securityvulnerability.io/vulnerability/CVE-2020-36722,Cross-Site Scripting Vulnerability in Visual Composer Plugin for WordPress,"The Visual Composer plugin for WordPress, in its versions up to and including 26.0, has a vulnerability that allows attackers to exploit insufficient input sanitization and output escaping. This Cross-Site Scripting (XSS) issue can let attackers inject malicious web scripts that run in the browser of unwitting users, potentially leading to data theft or unauthorized actions on the affected site. Website owners using this plugin should apply the necessary patches and updates to safeguard against such threats.",Wordpress,"Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages",5.5,MEDIUM,0.0016899999463930726,false,,false,false,false,,false,false,2023-06-07T01:51:42.848Z,0
CVE-2023-23708,https://securityvulnerability.io/vulnerability/CVE-2023-23708,WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS),Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.,Wordpress,Visualizer: Tables and Charts Manager for WordPress,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-05-03T13:15:00.000Z,0
CVE-2023-0367,https://securityvulnerability.io/vulnerability/CVE-2023-0367,Pricing Tables For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS,"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Pricing Tables For WPBakery Page Builder (formerly Visual Composer),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-04-17T13:15:00.000Z,0
CVE-2023-1274,https://securityvulnerability.io/vulnerability/CVE-2023-1274,Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI,"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks",Wordpress,Pricing Tables For WPBakery Page Builder (formerly Visual Composer),6.5,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2023-04-17T13:15:00.000Z,0