VYPR

Bm Content Builder

by WordPress

CVEs (4)

  • CVE-2025-1279HigApr 25, 2025
    risk 0.57cvss 8.8epss 0.00

    The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_ajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it…

  • CVE-2025-59002HigSep 26, 2025
    risk 0.50cvss 7.7epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content Builder: from n/a through < 3.16.3.3.

  • CVE-2025-69055MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content Builder: from n/a through < 3.16.3.3.

  • CVE-2025-1777MedJun 6, 2025
    risk 0.42cvss 6.4epss 0.00

    The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with…