Vulnerabilities and security researches for bb-bootstrap-cards
Cards for Beaver Builder # CVE-2024-2305
- CVE
- Application
- Date
- Jun 07, 2024, 08:06:37
- Research Description
- The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Status
-
vulnerableMedium
- Actual on
- Jul 05, 2024, 10:07:38
Cards for Beaver Builder # CVE-2024-5663
- CVE
- Application
- Date
- Jun 10, 2024, 11:06:52
- Research Description
- The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Status
-
vulnerableMedium
- Actual on
- Jul 05, 2024, 10:07:38
Cards for Beaver Builder # CVE-2024-37278
- CVE
- Application
- Date
- Jul 02, 2024, 17:07:38
- Research Description
- Cards for Beaver Builder [bb-bootstrap-cards] < 1.1.5 CVE-2024-37278
- Status
-
vulnerableUnknown
- Actual on
- Jul 05, 2024, 10:07:38