Extendthemes Colibri Page Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Extendthemes Colibri Page Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2023-2188 — CVSS 7.2 (high): The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including…
CVE-2025-32185 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder…
CVE-2023-50833 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Page Builder…
CVE-2024-2839 — CVSS 6.4 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode…
CVE-2023-6988 — CVSS 6.4 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js…
CVE-2024-3337 — CVSS 6.4 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element'…
CVE-2024-4451 — CVSS 6.4 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode…
CVE-2024-5038 — CVSS 6.4 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up…
CVE-2025-59593 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder…
CVE-2024-28004 — CVSS 5.4 (medium): Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.
CVE-2024-3340 — CVSS 5.4 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow'…
CVE-2024-3338 — CVSS 4.4 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up…
CVE-2024-1361 — CVSS 4.3 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253…
CVE-2024-1870 — CVSS 4.3 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…
CVE-2024-1362 — CVSS 4.3 (medium): The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253…