Lucene search

K

Image Hover Effects – Elementor Addon Security Vulnerabilities

cvelist
cvelist

CVE-2024-35197 gix refs and paths with reserved Windows device names access the devices

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-05-23 12:09 PM
nvd
nvd

CVE-2024-4378

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-23 11:15 AM
cve
cve

CVE-2024-3997

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-23 11:15 AM
63
cve
cve

CVE-2024-4378

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-23 11:15 AM
65
nvd
nvd

CVE-2024-3997

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-23 11:15 AM
cvelist
cvelist

CVE-2024-4378 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Menu and Shape Divider

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-23 11:02 AM
cvelist
cvelist

CVE-2024-3997 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-23 11:02 AM
nvd
nvd

CVE-2024-4779

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS

8.7AI Score

0.001EPSS

2024-05-23 10:15 AM
cve
cve

CVE-2024-4779

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-23 10:15 AM
56
cvelist
cvelist

CVE-2024-4779 Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0]

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS

8.7AI Score

0.001EPSS

2024-05-23 09:32 AM
nvd
nvd

CVE-2023-6325

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3CVSS

5.7AI Score

0.001EPSS

2024-05-23 05:15 AM
cve
cve

CVE-2023-6325

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3CVSS

6.8AI Score

0.001EPSS

2024-05-23 05:15 AM
33
cvelist
cvelist

CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3CVSS

5.7AI Score

0.001EPSS

2024-05-23 04:30 AM
vulnrichment
vulnrichment

CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3CVSS

6.9AI Score

0.001EPSS

2024-05-23 04:30 AM
nvd
nvd

CVE-2024-4431

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-23 04:15 AM
2
cve
cve

CVE-2024-4431

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-23 04:15 AM
30
cvelist
cvelist

CVE-2024-4431 LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-23 03:31 AM
nvd
nvd

CVE-2024-4486

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-23 02:15 AM
cve
cve

CVE-2024-4486

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-23 02:15 AM
24
cvelist
cvelist

CVE-2024-4486 Awesome Contact Form7 for Elementor <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AEP Contact Form 7 Widget

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-23 01:56 AM
1
wpvulndb
wpvulndb

140+ Widgets | Best Addons For Elementor – FREE < 1.4.3.2 - Authenticated (Contributor+) PHP Object Injection

Description The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level...

8CVSS

7.5AI Score

0.001EPSS

2024-05-23 12:00 AM
2
wpvulndb
wpvulndb

LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor < 1.10.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-23 12:00 AM
1
wpvulndb
wpvulndb

Unlimited Elements for Elementor < 1.5.108 - Contributor+ SQLi

Description The plugin is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access...

8.8CVSS

7.3AI Score

0.001EPSS

2024-05-23 12:00 AM
2
cve
cve

CVE-2024-3926

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input...

6.4CVSS

6.2AI Score

0.0004EPSS

2024-05-22 03:15 PM
27
nvd
nvd

CVE-2024-3926

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input...

6.4CVSS

6AI Score

0.0004EPSS

2024-05-22 03:15 PM
cvelist
cvelist

CVE-2024-3926 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input...

6.4CVSS

6AI Score

0.0004EPSS

2024-05-22 02:32 PM
osv
osv

gix refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

5.4CVSS

7.1AI Score

0.0004EPSS

2024-05-22 02:13 PM
5
github
github

gix refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

5.4CVSS

7.1AI Score

0.0004EPSS

2024-05-22 02:13 PM
4
thn
thn

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company said it's issuing the advisory due to "heightened geopolitical tensions and...

9.8CVSS

8.1AI Score

0.009EPSS

2024-05-22 12:21 PM
talosblog
talosblog

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing...

6.5AI Score

2024-05-22 12:17 PM
8
cve
cve

CVE-2024-4262

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

7.2CVSS

5.7AI Score

0.0005EPSS

2024-05-22 10:15 AM
30
nvd
nvd

CVE-2024-4262

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

7.2CVSS

6.2AI Score

0.0005EPSS

2024-05-22 10:15 AM
vulnrichment
vulnrichment

CVE-2024-4262 Piotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

7.2CVSS

5.8AI Score

0.0005EPSS

2024-05-22 09:31 AM
cvelist
cvelist

CVE-2024-4262 Piotnet Addons For Elementor <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

7.2CVSS

6.2AI Score

0.0005EPSS

2024-05-22 09:31 AM
nvd
nvd

CVE-2024-4896

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-22 09:15 AM
1
cve
cve

CVE-2024-4896

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-22 09:15 AM
29
cvelist
cvelist

CVE-2024-4896 WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-22 08:31 AM
vulnrichment
vulnrichment

CVE-2024-4896 WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-22 08:31 AM
nvd
nvd

CVE-2024-5147

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...

9.8CVSS

9.9AI Score

0.001EPSS

2024-05-22 08:15 AM
cve
cve

CVE-2024-5147

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...

9.8CVSS

7.9AI Score

0.001EPSS

2024-05-22 08:15 AM
29
cvelist
cvelist

CVE-2024-5147 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.37 - Unauthenticated Local File Inclusion

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...

9.8CVSS

9.9AI Score

0.001EPSS

2024-05-22 07:37 AM
1
cve
cve

CVE-2024-3927

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...

5.3CVSS

6.8AI Score

0.001EPSS

2024-05-22 07:15 AM
27
nvd
nvd

CVE-2024-3927

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...

5.3CVSS

5.7AI Score

0.001EPSS

2024-05-22 07:15 AM
vulnrichment
vulnrichment

CVE-2024-3927 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...

5.3CVSS

6.9AI Score

0.001EPSS

2024-05-22 06:50 AM
cvelist
cvelist

CVE-2024-3927 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of...

5.3CVSS

5.7AI Score

0.001EPSS

2024-05-22 06:50 AM
cve
cve

CVE-2024-5092

The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-22 06:15 AM
27
nvd
nvd

CVE-2024-5092

The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-22 06:15 AM
nvd
nvd

CVE-2024-3611

The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-22 06:15 AM
cve
cve

CVE-2024-3611

The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-22 06:15 AM
24
nvd
nvd

CVE-2024-3066

The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-22 06:15 AM
Total number of security vulnerabilities12758