| CVE-2024-4400 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting | boldgrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.4 | 2024-05-16 11:05:29 | Deep Dive |
| CVE-2024-4208 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-05-15 02:32:44 | Deep Dive |
| CVE-2024-3189 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 5.4 | 2024-05-15 02:32:43 | Deep Dive |
| CVE-2024-4209 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-05-11 01:56:00 | Deep Dive |
| CVE-2024-4430 | Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2024-05-10 21:32:43 | Deep Dive |
| CVE-2024-4481 | Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-05-10 06:44:58 | Deep Dive |
| CVE-2024-2785 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-09 20:03:40 | Deep Dive |
| CVE-2024-0445 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-09 20:03:37 | Deep Dive |
| CVE-2024-3923 | Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2024-05-09 20:03:36 | Deep Dive |
| CVE-2024-34573 | WordPress Pootle Pagebuilder plugin <= 5.7.1 - Cross Site Scripting (XSS) vulnerability | Pootlepress | Pootle Pagebuilder – WordPress Page builder | Medium | 6.5 | 2024-05-08 09:00:31 | Deep Dive |
| CVE-2024-34373 | WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability | POSIMYTH | The Plus Addons for Elementor Page Builder Lite | Medium | 6.5 | 2024-05-06 18:31:20 | Deep Dive |
| CVE-2024-3340 | Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode | extendthemes | Colibri Page Builder | Medium | 5.4 | 2024-05-02 16:52:52 | Deep Dive |
| CVE-2024-2273 | Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | Medium | 6.4 | 2024-05-02 16:52:49 | Deep Dive |
| CVE-2024-3725 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' | themeisle | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | Medium | 6.4 | 2024-05-02 16:52:41 | Deep Dive |
| CVE-2024-2401 | Admin Page Spider <= 3.31 - Authenticated (Admin+) Stored Cross-Site Scripting | jatacid | Admin Page Spider | Medium | 4.4 | 2024-05-02 16:52:36 | Deep Dive |
| CVE-2024-3337 | Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-05-02 16:52:32 | Deep Dive |
| CVE-2024-0908 | Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure | bplugins | Advanced Post Block – Showcase Posts with Grid, List, Card Layouts and Filters | Medium | 5.3 | 2024-05-02 16:52:24 | Deep Dive |
| CVE-2024-3338 | Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting | extendthemes | Colibri Page Builder | Medium | 4.4 | 2024-05-02 16:52:00 | Deep Dive |
| CVE-2024-33636 | WordPress WP Page Post Widget Clone plugin <= 1.0.1 - Broken Access Control vulnerability | Mahesh Vora | WP Page Post Widget Clone | Medium | 5.4 | 2024-04-29 08:21:29 | Deep Dive |
| CVE-2024-33695 | WordPress Fan Page Widget by ThemeNcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | ThemeNcode | Fan Page Widget by ThemeNcode | Medium | 5.9 | 2024-04-26 12:42:27 | Deep Dive |