Browse all 4 CVE security advisories affecting Breakdance. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Breakdance is a WordPress page builder plugin enabling visual website design through drag-and-drop functionality. Historically, it has been susceptible to multiple remote code execution vulnerabilities due to insufficient input sanitization and improper file handling, alongside cross-site scripting flaws from inadequate output escaping. Privilege escalation issues have also been documented, allowing unauthorized access to restricted functions. The plugin's complex architecture with numerous shortcodes and dynamic content rendering increases attack surface. Four CVEs highlight persistent security challenges, though no major public incidents have been reported. Regular updates remain critical for maintaining security in environments utilizing this tool for web development.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-5330 | Breakdance <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — BreakdanceCWE-79 | 6.4 | Medium | 2024-08-01 |
| CVE-2024-5331 | Breakdance <= 1.7.2 - Missing Authorization — BreakdanceCWE-284 | 4.3 | Medium | 2024-08-01 |
| CVE-2024-4605 | Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution — BreakdanceCWE-94 | 8.8 | High | 2024-05-09 |
| CVE-2023-6854 | Breakdance <= 1.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta — BreakdanceCWE-79 | 6.4 | Medium | 2024-05-06 |
This page lists every published CVE security advisory associated with Breakdance. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.