Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-07	CVE-2024-4451	Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity extendthemes CWE-79	5.4
2024-06-06	CVE-2024-5038	Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity extendthemes CWE-79	5.4
2024-05-02	CVE-2024-3337	Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity extendthemes CWE-79	5.4
2024-05-02	CVE-2024-3338	Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. network low complexity extendthemes CWE-79	5.4
2024-05-02	CVE-2024-3340	Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity extendthemes CWE-79	5.4
2024-04-02	CVE-2024-2839	Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'heading_type'. network low complexity extendthemes CWE-79	5.4
2024-03-28	CVE-2024-28004	Unspecified vulnerability in Extendthemes Colibri Page Builder Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. network low complexity extendthemes	4.3
2024-01-11	CVE-2023-6988	Cross-site Scripting vulnerability in Extendthemes Colibri Page Builder 1.0.227/1.0.229/1.0.239 The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity extendthemes CWE-79	5.4
2023-12-21	CVE-2023-50833	Unspecified vulnerability in Extendthemes Colibri Page Builder 1.0.227/1.0.229/1.0.239 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through 1.0.239. network low complexity extendthemes	5.4
2023-08-31	CVE-2023-2188	Unspecified vulnerability in Extendthemes Colibri Page Builder 1.0.227 The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity extendthemes	4.9