Vulnerabilities > Fastlinemedia
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-9505 | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-27 | CVE-2024-9049 | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-12-29 | CVE-2023-50889 | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2. | 5.4 |
| 2023-10-26 | CVE-2023-5798 | Unspecified vulnerability in Fastlinemedia Assistant The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks | 8.8 |
| 2023-05-08 | CVE-2023-1347 | Unspecified vulnerability in Fastlinemedia Customizer Export/Import The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | 7.2 |
| 2022-09-06 | CVE-2022-2517 | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2022-09-06 | CVE-2022-2695 | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2022-09-06 | CVE-2022-2716 | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2022-09-06 | CVE-2022-2934 | Cross-site Scripting vulnerability in Fastlinemedia Beaver Builder The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2022-09-06 | CVE-2022-36425 | Unspecified vulnerability in Fastlinemedia Beaver Builder Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | 9.8 |