Lucene search

K

Image Hover Effects – Elementor Addon Security Vulnerabilities

cvelist
cvelist

CVE-2024-32783 WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 01:03 PM
3
nvd
nvd

CVE-2024-35660

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-09 12:15 PM
3
cve
cve

CVE-2024-35660

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-09 12:15 PM
24
vulnrichment
vulnrichment

CVE-2024-35660 WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-09 11:56 AM
cvelist
cvelist

CVE-2024-35660 WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-09 11:56 AM
1
nvd
nvd

CVE-2023-31080

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

8.3CVSS

0.0004EPSS

2024-06-09 10:15 AM
3
cve
cve

CVE-2023-31080

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

8.3CVSS

8.3AI Score

0.0004EPSS

2024-06-09 10:15 AM
26
vulnrichment
vulnrichment

CVE-2023-31080 WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

8.3CVSS

7AI Score

0.0004EPSS

2024-06-09 09:27 AM
cvelist
cvelist

CVE-2023-31080 WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

8.3CVSS

0.0004EPSS

2024-06-09 09:27 AM
3
nvd
nvd

CVE-2024-35702

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 03:15 PM
cve
cve

CVE-2024-35703

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 03:15 PM
25
nvd
nvd

CVE-2024-35703

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 03:15 PM
cve
cve

CVE-2024-35702

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 03:15 PM
23
cve
cve

CVE-2024-35688

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 03:15 PM
20
nvd
nvd

CVE-2024-35688

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 03:15 PM
cvelist
cvelist

CVE-2024-35688 WordPress Master Addons for Elementor plugin <= 2.0.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:41 PM
1
vulnrichment
vulnrichment

CVE-2024-35688 WordPress Master Addons for Elementor plugin <= 2.0.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 02:41 PM
vulnrichment
vulnrichment

CVE-2024-35702 WordPress Master Addons for Elementor plugin <= 2.0.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 02:15 PM
1
cvelist
cvelist

CVE-2024-35702 WordPress Master Addons for Elementor plugin <= 2.0.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:15 PM
1
nvd
nvd

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:15 PM
cve
cve

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
cve
cve

CVE-2024-35709

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
nvd
nvd

CVE-2024-35709

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:15 PM
1
cvelist
cvelist

CVE-2024-35703 WordPress Sina Extension for Elementor plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:14 PM
3
vulnrichment
vulnrichment

CVE-2024-35703 WordPress Sina Extension for Elementor plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 02:14 PM
vulnrichment
vulnrichment

CVE-2024-35709 WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 02:03 PM
cvelist
cvelist

CVE-2024-35709 WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:03 PM
1
vulnrichment
vulnrichment

CVE-2024-35713 WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 01:36 PM
cvelist
cvelist

CVE-2024-35713 WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 01:36 PM
3
cve
cve

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

6.4AI Score

0.0004EPSS

2024-06-08 07:15 AM
23
nvd
nvd

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

0.0004EPSS

2024-06-08 07:15 AM
2
cvelist
cvelist

CVE-2024-5091 SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

0.0004EPSS

2024-06-08 06:54 AM
1
vulnrichment
vulnrichment

CVE-2024-5091 SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

5.8AI Score

0.0004EPSS

2024-06-08 06:54 AM
nvd
nvd

CVE-2024-3668

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...

8.8CVSS

0.001EPSS

2024-06-08 05:15 AM
2
cve
cve

CVE-2024-3668

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-08 05:15 AM
22
cvelist
cvelist

CVE-2024-3668 PowerPack Pro for Elementor <= 2.10.17 - Authenticated (Contributor+) Privilege Escalation

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...

8.8CVSS

0.001EPSS

2024-06-08 04:32 AM
1
vulnrichment
vulnrichment

CVE-2024-3668 PowerPack Pro for Elementor <= 2.10.17 - Authenticated (Contributor+) Privilege Escalation

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated...

8.8CVSS

6.8AI Score

0.001EPSS

2024-06-08 04:32 AM
nvd
nvd

CVE-2024-5542

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input....

6.1CVSS

0.0005EPSS

2024-06-07 01:15 PM
3
cve
cve

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS

6.3AI Score

0.0005EPSS

2024-06-07 01:15 PM
22
nvd
nvd

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

5.3CVSS

0.0005EPSS

2024-06-07 01:15 PM
3
cve
cve

CVE-2024-5542

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input....

7.2CVSS

6.3AI Score

0.0005EPSS

2024-06-07 01:15 PM
21
cvelist
cvelist

CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS

0.0005EPSS

2024-06-07 12:33 PM
1
vulnrichment
vulnrichment

CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS

6.8AI Score

0.0005EPSS

2024-06-07 12:33 PM
1
cvelist
cvelist

CVE-2024-5542 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input....

7.2CVSS

0.0005EPSS

2024-06-07 12:33 PM
2
vulnrichment
vulnrichment

CVE-2024-5542 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input....

7.2CVSS

6.1AI Score

0.0005EPSS

2024-06-07 12:33 PM
cve
cve

CVE-2024-5645

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-07 10:15 AM
25
nvd
nvd

CVE-2024-5645

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS

0.001EPSS

2024-06-07 10:15 AM
cvelist
cvelist

CVE-2024-5645 Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

0.001EPSS

2024-06-07 09:33 AM
vulnrichment
vulnrichment

CVE-2024-5645 Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-07 09:33 AM
nvd
nvd

CVE-2024-4488

The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS

0.001EPSS

2024-06-07 07:15 AM
1
Total number of security vulnerabilities12757