Skip to main content

Breakdance

3 CVEs product

Monthly

CVE-2026-7543 HIGH This Week

Stored cross-site scripting in the Breakdance WordPress page-builder plugin (versions through 2.7.1) lets unauthenticated attackers inject persistent JavaScript through the 'fields' parameter, which then runs in the browser of any user who views the affected page. The flaw carries a CVSS 3.1 score of 7.2, elevated by a scope change (S:C) because the payload executes in visitors' browser sessions rather than the server context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; Wordfence discovered and reported it.

WordPress XSS Breakdance
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-5331 MEDIUM This Month

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Breakdance
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-5330 MEDIUM This Month

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Breakdance
NVD
CVSS 3.1
5.4
EPSS
0.3%
EPSS 0% CVSS 7.2
HIGH This Week

Stored cross-site scripting in the Breakdance WordPress page-builder plugin (versions through 2.7.1) lets unauthenticated attackers inject persistent JavaScript through the 'fields' parameter, which then runs in the browser of any user who views the affected page. The flaw carries a CVSS 3.1 score of 7.2, elevated by a scope change (S:C) because the payload executes in visitors' browser sessions rather than the server context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; Wordfence discovered and reported it.

WordPress XSS Breakdance
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Breakdance
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Breakdance
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy