Extendthemes Colibri Page Builder
17 CVEs affecting Extendthemes Colibri Page Builder. Latest disclosed: 2025-12-19. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-2188 | High | 7.2 | 2023-08-31 | The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient… |
CVE-2023-50833 | Medium | 6.5 | 2023-12-21 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS.This… |
CVE-2025-11747 | Medium | 6.4 | 2025-12-19 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibri_blog_posts shortcode in all versions up to, and incl… |
CVE-2025-11376 | Medium | 6.4 | 2025-12-13 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_loop' shortcode in all versions up to, and… |
CVE-2025-9560 | Medium | 6.4 | 2025-10-11 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_newsletter shortcode in all versions up to… |
CVE-2024-5020 | Medium | 6.4 | 2024-12-04 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in… |
CVE-2024-4451 | Medium | 6.4 | 2024-06-07 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode in all versions up t… |
CVE-2024-5038 | Medium | 6.4 | 2024-06-06 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including… |
CVE-2024-3337 | Medium | 6.4 | 2024-05-02 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versi… |
CVE-2024-2839 | Medium | 6.4 | 2024-04-02 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up t… |
CVE-2023-6988 | Medium | 6.4 | 2024-01-11 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions… |
CVE-2024-3340 | Medium | 5.4 | 2024-05-02 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versio… |
CVE-2024-28004 | Medium | 5.4 | 2024-03-28 | Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. |
CVE-2024-3338 | Medium | 4.4 | 2024-05-02 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1… |
CVE-2024-1870 | Medium | 4.3 | 2024-03-09 | The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEn… |
CVE-2024-1362 | Medium | 4.3 | 2024-02-23 | The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing… |
CVE-2024-1361 | Medium | 4.3 | 2024-02-23 | The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing… |