Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mega_addons_for_wpbakery_page_builder
(Topdigitaltrends)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-08 | CVE-2023-0268 | The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | Mega_addons_for_wpbakery_page_builder | 5.4 | ||
| 2022-09-23 | CVE-2022-36798 | Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress. | Mega_addons_for_wpbakery_page_builder | 8.8 | ||
| 2022-12-14 | CVE-2022-4501 | The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings. | Mega_addons_for_wpbakery_page_builder | 6.5 |