Vulnerabilities and security researches for bb-bootstrap-cards

CVE: CVE-2024-2305
Application: Cards for Beaver Builder
Date: Jun 07, 2024, 08:06:37
Research Description: The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Status: vulnerable

Medium
Actual on: Jul 05, 2024, 10:07:38

CVE: CVE-2024-5663
Application: Cards for Beaver Builder
Date: Jun 10, 2024, 11:06:52
Research Description: The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Status: vulnerable

Medium
Actual on: Jul 05, 2024, 10:07:38

CVE: CVE-2024-37278
Application: Cards for Beaver Builder
Date: Jul 02, 2024, 17:07:38
Research Description: Cards for Beaver Builder [bb-bootstrap-cards] < 1.1.5 CVE-2024-37278
Status: vulnerable

Unknown
Actual on: Jul 05, 2024, 10:07:38