Envato Elements – Photos & Elementor Templates Security Vulnerabilities

Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsafe parsing of noscript elements, which allows an attacker to execute malicious code when the content is loaded into the...

CVE-2024-5686

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes....

CVE-2024-5686

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes....

CVE-2024-5686 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes....

CVE-2024-4626

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

CVE-2024-4626

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

CVE-2024-4626 JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

CVE-2024-38592

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this...

CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has...

CVE-2024-38606

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to start....

CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has...

CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has...

CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has...

CVE-2024-38357

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has...

CVE-2024-38357 TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has...

CVE-2024-38357 TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has...

Exploit for CVE-2023-47504

CVE-2023-47504 POC Exploit for CVE-2023-47504. According to...

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....

TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely

Introduction With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...

CVE-2024-38606

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to start....

CVE-2024-38606

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to start....

CVE-2024-38606

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to...

CVE-2024-38592

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this...

CVE-2024-38592

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this...

CVE-2024-38592

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this...

CVE-2024-38606 crypto: qat - validate slices count returned by FW

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to start....

CVE-2024-38606 crypto: qat - validate slices count returned by FW

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to start....

CVE-2024-38592 drm/mediatek: Init `ddp_comp` with devm_kcalloc()

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this...

CVE-2024-38592 drm/mediatek: Init `ddp_comp` with devm_kcalloc()

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this...

CVE-2023-41805

Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...

CVE-2023-41805

Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...

CVE-2023-39993

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

CVE-2023-39993

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

CVE-2023-35050

Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through...

CVE-2023-35050

Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through...

CVE-2023-35050 WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through...

CVE-2023-41805 Broken Access Control vulnerability in multiple Brainstorm Force plugins

Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...

CVE-2023-39993 WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

CVE-2023-39993 WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

CVE-2023-48761

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48759

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48760

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48760

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48759

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48761

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48759 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48760 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48760 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

CVE-2023-48761 WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...