Lucene search

K

Image Hover Effects – Elementor Addon Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-5088 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-18 11:35 AM
nvd
nvd

CVE-2024-4432

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-18 10:15 AM
cve
cve

CVE-2024-4432

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-18 10:15 AM
28
vulnrichment
vulnrichment

CVE-2024-4432 Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-18 09:39 AM
cvelist
cvelist

CVE-2024-4432 Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-18 09:39 AM
cve
cve

CVE-2024-4698

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-18 08:15 AM
32
nvd
nvd

CVE-2024-4698

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-18 08:15 AM
cvelist
cvelist

CVE-2024-4698 Testimonial Carousel For Elementor <= 10.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-18 07:38 AM
vulnrichment
vulnrichment

CVE-2024-4698 Testimonial Carousel For Elementor <= 10.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-18 07:38 AM
nvd
nvd

CVE-2024-4374

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-18 05:15 AM
1
cve
cve

CVE-2024-4374

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-18 05:15 AM
29
cvelist
cvelist

CVE-2024-4374 DethemeKit For Elementor <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-18 04:30 AM
vulnrichment
vulnrichment

CVE-2024-4374 DethemeKit For Elementor <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-18 04:30 AM
nvd
nvd

CVE-2024-4865

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-18 03:15 AM
cve
cve

CVE-2024-4865

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-18 03:15 AM
28
cvelist
cvelist

CVE-2024-4865 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-18 03:06 AM
vulnrichment
vulnrichment

CVE-2024-4865 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-18 03:06 AM
nvd
nvd

CVE-2024-34755

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through...

4.3CVSS

5.1AI Score

0.0004EPSS

2024-05-17 10:15 AM
1
cve
cve

CVE-2024-34755

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-05-17 10:15 AM
27
nvd
nvd

CVE-2024-32786

Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-17 10:15 AM
cve
cve

CVE-2024-32786

Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-17 10:15 AM
36
cvelist
cvelist

CVE-2024-34755 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through...

4.3CVSS

5.1AI Score

0.0004EPSS

2024-05-17 09:52 AM
1
vulnrichment
vulnrichment

CVE-2024-34755 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-05-17 09:52 AM
cvelist
cvelist

CVE-2024-32786 WordPress Royal Elementor Addons and Templates plugin <= 1.3.93 - IP Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-17 09:38 AM
vulnrichment
vulnrichment

CVE-2024-32786 WordPress Royal Elementor Addons and Templates plugin <= 1.3.93 - IP Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-05-17 09:38 AM
nvd
nvd

CVE-2024-24934

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through...

8.5CVSS

8.4AI Score

0.0004EPSS

2024-05-17 09:15 AM
cve
cve

CVE-2024-24934

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through...

8.5CVSS

6.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
106
nvd
nvd

CVE-2023-51401

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

6.3CVSS

6.3AI Score

0.0004EPSS

2024-05-17 09:15 AM
cve
cve

CVE-2023-51398

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-05-17 09:15 AM
42
cve
cve

CVE-2023-51401

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

6.3CVSS

6.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
40
nvd
nvd

CVE-2023-51398

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
nvd
nvd

CVE-2023-50890

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
cve
cve

CVE-2023-50890

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-05-17 09:15 AM
23
cve
cve

CVE-2023-47679

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through...

6.4CVSS

6.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
73
nvd
nvd

CVE-2023-47679

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through...

6.4CVSS

6.4AI Score

0.0004EPSS

2024-05-17 09:15 AM
nvd
nvd

CVE-2023-47178

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
1
cve
cve

CVE-2023-47178

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through...

8.6CVSS

6.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
61
cvelist
cvelist

CVE-2024-24934 WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through...

8.5CVSS

8.4AI Score

0.0004EPSS

2024-05-17 08:50 AM
4
vulnrichment
vulnrichment

CVE-2024-24934 WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through...

8.5CVSS

6.8AI Score

0.0004EPSS

2024-05-17 08:50 AM
cvelist
cvelist

CVE-2023-51401 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.13 - Limited Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Relative Path Traversal.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

6.3CVSS

6.3AI Score

0.0004EPSS

2024-05-17 08:40 AM
vulnrichment
vulnrichment

CVE-2023-51398 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.14 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

8.8CVSS

7AI Score

0.0004EPSS

2024-05-17 08:40 AM
1
cvelist
cvelist

CVE-2023-51398 WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.14 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 08:40 AM
cvelist
cvelist

CVE-2023-50890 WordPress Ultimate Addons for Elementor plugin <= 1.36.20 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 08:39 AM
vulnrichment
vulnrichment

CVE-2023-50890 WordPress Ultimate Addons for Elementor plugin <= 1.36.20 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through...

8.8CVSS

7AI Score

0.0004EPSS

2024-05-17 08:39 AM
cvelist
cvelist

CVE-2023-47679 WordPress Qi Addons For Elementor plugin <= 1.6.3 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through...

6.4CVSS

6.4AI Score

0.0004EPSS

2024-05-17 08:35 AM
vulnrichment
vulnrichment

CVE-2023-47679 WordPress Qi Addons For Elementor plugin <= 1.6.3 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through...

6.4CVSS

6.9AI Score

0.0004EPSS

2024-05-17 08:35 AM
cvelist
cvelist

CVE-2023-47178 WordPress The Plus Addons for Elementor Pro plugin <= 5.2.8 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-05-17 08:35 AM
1
vulnrichment
vulnrichment

CVE-2023-47178 WordPress The Plus Addons for Elementor Pro plugin <= 5.2.8 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through...

8.6CVSS

6.9AI Score

0.0004EPSS

2024-05-17 08:35 AM
nvd
nvd

CVE-2023-41955

Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.This issue affects Essential Addons for Elementor: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-17 07:15 AM
cve
cve

CVE-2023-41955

Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.This issue affects Essential Addons for Elementor: from n/a through...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-05-17 07:15 AM
36
Total number of security vulnerabilities12757