Browse all 3 CVE security advisories affecting Oxygen Builder. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Oxygen Builder is a WordPress page builder plugin enabling visual website design without coding knowledge. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, including CVE-2022-0739 and CVE-2021-24732, which allowed attackers to execute arbitrary PHP code. Other reported issues include cross-site scripting (XSS) flaws and privilege escalation vulnerabilities. The plugin's extensive functionality and integration with WordPress core have made it a target for exploitation. Security researchers have identified multiple instances where improper input validation and insufficient access controls led to critical vulnerabilities, highlighting the importance of timely updates and proper hardening for installations using this tool.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-6688 | Oxygen Builder <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update — Oxygen BuilderCWE-862 | 4.3 | Medium | 2024-08-27 |
| CVE-2024-4662 | Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution — Oxygen BuilderCWE-94 | 8.8 | High | 2024-05-23 |
| CVE-2023-6938 | Oxygen Builder <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field — Oxygen BuilderCWE-79 | 6.4 | Medium | 2024-01-11 |
This page lists every published CVE security advisory associated with Oxygen Builder. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.