Themeum Wp Page Builder
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Themeum Wp Page Builder.
By the Year
In 2026 there have been 0 vulnerabilities in Themeum Wp Page Builder. Wp Page Builder did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 5.10 |
| 2021 | 2 | 4.85 |
It may take a day or so for new Wp Page Builder vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Themeum Wp Page Builder Security Vulnerabilities
WP Page Builder 1.2.8: Admin Stored XSS Vulnerability
CVE-2022-3830
4.8 - Medium
- December 05, 2022
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
XSS
WP Page Builder <=1.2.6 XSS Vulnerabilities (Auth+ Stored XSS)
CVE-2022-40963
5.4 - Medium
- November 18, 2022
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress.
XSS
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the Raw HTML widget and the Custom HTML widgets (though the custom HTML widget requires sending a crafted request - it appears
CVE-2021-24208
5.4 - Medium
- April 05, 2021
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the Raw HTML widget and the Custom HTML widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the page_builder_data parameter when performing the wppb_page_save AJAX action. It is also possible to insert malicious JavaScript via the wppb_page_css parameter (this can be done by closing out the style tag and opening a script tag) when performing the wppb_page_save AJAX action.
XSS
By default, the WP Page Builder WordPress plugin before 1.2.4
CVE-2021-24207
4.3 - Medium
- April 05, 2021
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.
Improper Privilege Management
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Themeum Wp Page Builder or by Themeum? Click the Watch button to subscribe.
