Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Colibri Page Builder — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in Colibri Page Builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: extendthemes

CVE IDTitleCVSSSeverityPublished
CVE-2025-11747 Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2025-12-19
CVE-2025-11376 Colibri Page Builder <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-12-13
CVE-2025-59593 WordPress Colibri Page Builder Plugin < 1.0.334 - Cross Site Scripting (XSS) Vulnerability CWE-79 5.9 Medium2025-10-22
CVE-2025-9560 Colibri Page Builder <= 1.0.334 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_newsletter Shortcode CWE-79 6.4 Medium2025-10-11
CVE-2025-32185 WordPress Colibri Page Builder plugin <= 1.0.329 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2025-04-04
CVE-2024-5020 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library CWE-79 6.4 Medium2024-12-04
CVE-2024-4451 Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode CWE-79 6.4 Medium2024-06-07
CVE-2024-5038 Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-06-06
CVE-2024-3340 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode CWE-79 5.4 Medium2024-05-02
CVE-2024-3337 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode CWE-79 6.4 Medium2024-05-02
CVE-2024-3338 Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting CWE-79 4.4 Medium2024-05-02
CVE-2024-2839 Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-04-02
CVE-2024-28004 WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability CWE-862 5.4 Medium2024-03-28
CVE-2024-1870 Colibri Page Builder <= 1.0.260 - Missing Authorization CWE-862 4.3 Medium2024-03-09
CVE-2024-1362 Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via cp_shortcode_refresh CWE-352 4.3 Medium2024-02-23
CVE-2024-1361 Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via extend_builder CWE-352 4.3 Medium2024-02-23
CVE-2023-6988 Colibri Page Builder <= 1.0.239 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-01-11
CVE-2023-50833 WordPress Colibri Page Builder Plugin <= 1.0.239 is vulnerable to Cross Site Scripting (XSS) CWE-79 6.5 Medium2023-12-21
CVE-2023-2188 Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id CWE-89 7.2 High2023-08-31

All 19 known CVE vulnerabilities affecting Colibri Page Builder with full Chinese analysis, references, and POCs where available.