cleantalk
Vulnerabilities and Security Researches

Colibri Page Builder, CVE-2023-2188

CVE, Research URL

CVE-2023-2188

Home page URL

Security reports for Colibri Page Builder

Application

Colibri Page Builder

Published on
Aug 31, 2023
Research Description
The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max 1.0.229.
Status
vulnerable
Previous vulnerability researches
Colibri Page Builder (CVE-2025-32185) , Apr 05, 2025
Colibri Page Builder (CVE-2024-4451) , Jun 08, 2024
Colibri Page Builder (CVE-2024-5020) , Dec 06, 2024
Colibri Page Builder (CVE-2024-1361) , Jun 07, 2024
Colibri Page Builder (CVE-2024-28004) , Jun 07, 2024
New vulnerability
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025
Widgetize Pages Light (CVE-2025-32117) , Apr 09, 2025