Vulnerabilities > Wpzoom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-19 | CVE-2024-30424 | Cross-site Scripting vulnerability in Wpzoom Beaver Builder Addons Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Stored XSS.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.4. | 5.4 |
| 2024-11-01 | CVE-2024-43293 | Missing Authorization vulnerability in Wpzoom Recipe Card Blocks for Gutenberg & Elementor Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1. | 8.8 |
| 2024-09-25 | CVE-2024-9027 | Cross-site Scripting vulnerability in Wpzoom Shortcodes The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-08-31 | CVE-2024-8276 | Cross-site Scripting vulnerability in Wpzoom Portfolio The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-09 | CVE-2024-37464 | Unspecified vulnerability in Wpzoom Beaver Builder Addons Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5. | 4.9 |
| 2024-06-20 | CVE-2024-5686 | Cross-site Scripting vulnerability in Wpzoom Addons for Elementor The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-09 | CVE-2024-30464 | Unspecified vulnerability in Wpzoom Social Icons Widget Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15. | 8.8 |
| 2024-04-29 | CVE-2024-33539 | Unspecified vulnerability in Wpzoom Elementor Addons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS.This issue affects WPZOOM Addons for Elementor (Templates, Widgets): from n/a through 1.1.35. | 5.4 |
| 2024-04-09 | CVE-2024-2181 | Cross-site Scripting vulnerability in Wpzoom Beaver Builder Addons The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2183 | Cross-site Scripting vulnerability in Wpzoom Beaver Builder Addons The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. | 5.4 |