Landing Page Builder < 1.4.9.6 – Authenticated Reflected Cross-Site Scripting (XSS) | CVE 2021-25067

Affects Plugins

page-builder-add

Fixed in 1.4.9.6

References

CVE

CVE-2021-25067

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

365007f0-61ac-4e81-8a3a-3a068f2c84bc

Timeline

Publicly Published

2021-12-16 (about 4 years ago)

Added

2021-12-16 (about 4 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2024-12-03

Title

Intro Tour Tutorial DeepPresentation < 6.5.3 - Reflected Cross-Site Scripting

Published

2024-07-10

Title

Bradmax Player < 1.1.28 - Contributor+ Stored XSS

Published

2015-03-13

Title

Wpml < 3.1.9 - XSS

Published

2025-04-09

Title

Lock Your Updates <= 1.1 - Reflected Cross-Site Scripting

Published

2025-06-05

Title

Image Hover Effects Block <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting