Vulnerabilities > Extendthemes > Colibri Page Builder > 1.0.227
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-11 | CVE-2023-6988 | Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder 1.0.227/1.0.229 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2023-12-21 | CVE-2023-50833 | Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder 1.0.227/1.0.229 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through 1.0.239. | 5.4 |
2023-08-31 | CVE-2023-2188 | Unspecified vulnerability in Extendthemes Colibri Page Builder 1.0.227 The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |