| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-2127 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 6.4 | 2024-03-07 19:33:05 | Deep Dive |
| CVE-2024-1381 | Page Builder Sandwich – Front End WordPress Page Builder Plugin <= 5.1.0 - Sensitive Information Exposure | pagebuildersandwich | Page Builder Sandwich – Front End WordPress Page Builder Plugin | Medium | 6.5 | 2024-03-05 01:56:03 | Deep Dive |
| CVE-2024-1285 | Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing | pagebuildersandwich | Page Builder Sandwich – Front End WordPress Page Builder Plugin | Medium | 6.5 | 2024-03-05 01:56:01 | Deep Dive |
| CVE-2024-1731 | Auto Refresh Single Page <= 1.1 - Authenticated (Contributor+) PHP Object Injection | jkohlbach | Auto Refresh Single Page | High | 8.8 | 2024-03-05 01:56:00 | Deep Dive |
| CVE-2024-1120 | NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure | djeet | Finale Lite – Sales Countdown Timer & Discount for WooCommerce | Medium | 5.3 | 2024-03-01 09:31:41 | Deep Dive |
| CVE-2024-24701 | WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF) | Native Grid LLC | A no-code page builder for beautiful performance-based content | Medium | 4.3 | 2024-02-28 16:16:05 | Deep Dive |
| CVE-2024-24702 | WordPress Page Restrict Plugin <= 2.5.5 is vulnerable to Cross Site Request Forgery (CSRF) | Matt Martz & Andy Stratton | Page Restrict | Medium | 4.3 | 2024-02-28 14:32:07 | Deep Dive |
| CVE-2024-1136 | Coming Soon Page & Maintenance Mode <= 2.2.1 - Maintenance Mode Bypass | wpshopmart | Coming Soon Page & Maintenance Mode | Medium | 5.3 | 2024-02-28 08:33:13 | Deep Dive |
| CVE-2024-1368 | Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post/Page Duplication | samuelkwle | Page Duplicator | Medium | 5.3 | 2024-02-28 08:33:12 | Deep Dive |
| CVE-2024-0682 | Page Restrict <= 2.5.5 - Protection Mechanism Bypass | sivel | Page Restrict | Medium | 5.3 | 2024-02-28 08:33:08 | Deep Dive |
| CVE-2023-7115 | PageLayer < 1.8.1 - Admin+ Stored XSS | Unknown | Page Builder: Pagelayer | 中危 | - | 2024-02-27 08:30:28 | Deep Dive |
| CVE-2024-1687 | Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution | villatheme | Thank You Page Customizer for WooCommerce – Increase Your Sales | Medium | 5.4 | 2024-02-27 05:33:12 | Deep Dive |
| CVE-2024-1686 | Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export | villatheme | Thank You Page Customizer for WooCommerce – Increase Your Sales | Medium | 4.3 | 2024-02-27 05:33:11 | Deep Dive |
| CVE-2024-1165 | Brizy – Page Builder <= 2.4.39 - Authenticated (Contributor+) Directory Traversal | themefusecom | Brizy – Page Builder | Medium | 4.3 | 2024-02-24 09:38:22 | Deep Dive |
| CVE-2024-1361 | Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via extend_builder | extendthemes | Colibri Page Builder | Medium | 4.3 | 2024-02-23 11:03:46 | Deep Dive |
| CVE-2024-1362 | Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via cp_shortcode_refresh | extendthemes | Colibri Page Builder | Medium | 4.3 | 2024-02-23 11:03:46 | Deep Dive |
| CVE-2024-1590 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.6 | 2024-02-23 09:32:38 | Deep Dive |
| CVE-2024-1445 | Page scroll to id <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | malihu | Page scroll to id | Medium | 6.4 | 2024-02-20 18:56:44 | Deep Dive |
| CVE-2024-0506 | Elementor Website Builder – More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2024-02-20 18:56:29 | Deep Dive |
| CVE-2024-1337 | SKT Page Builder <= 4.1 - Missing Authorization to Authenticated(Subscriber+) Content Injection | sonalsinha21 | SKT Page Builder | Medium | 4.3 | 2024-02-20 18:56:25 | Deep Dive |