VYPR

Breakdance

by WordPress

CVEs (5)

  • CVE-2024-31390CriApr 3, 2024
    risk 0.64cvss 9.9epss 0.01

    : Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2.

  • CVE-2024-4605HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users,…

  • CVE-2024-5330MedAug 1, 2024
    risk 0.42cvss 6.4epss 0.00

    The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2023-6854MedMay 6, 2024
    risk 0.42cvss 6.4epss 0.00

    The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it…

  • CVE-2024-5331MedAug 1, 2024
    risk 0.28cvss 4.3epss 0.00

    The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions.