Lucene search

K

Image Hover Effects – Elementor Addon Security Vulnerabilities

cve
cve

CVE-2024-4488

The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-07 07:15 AM
24
nvd
nvd

CVE-2024-4489

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS

0.001EPSS

2024-06-07 07:15 AM
cve
cve

CVE-2024-4489

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

6AI Score

0.001EPSS

2024-06-07 07:15 AM
22
cvelist
cvelist

CVE-2024-4488 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

0.001EPSS

2024-06-07 06:52 AM
cvelist
cvelist

CVE-2024-4489 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

0.001EPSS

2024-06-07 06:52 AM
1
vulnrichment
vulnrichment

CVE-2024-4489 Royal Elementor Addons and Templates <= 1.3.976 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-07 06:52 AM
nvd
nvd

CVE-2024-5640

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

0.001EPSS

2024-06-07 05:15 AM
1
cve
cve

CVE-2024-5640

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

6AI Score

0.001EPSS

2024-06-07 05:15 AM
22
cve
cve

CVE-2024-5612

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This.....

6.4CVSS

6AI Score

0.0004EPSS

2024-06-07 05:15 AM
24
nvd
nvd

CVE-2024-5612

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This.....

6.4CVSS

0.0004EPSS

2024-06-07 05:15 AM
1
vulnrichment
vulnrichment

CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-07 04:33 AM
1
cvelist
cvelist

CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

0.001EPSS

2024-06-07 04:33 AM
vulnrichment
vulnrichment

CVE-2024-5612 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-07 04:33 AM
cvelist
cvelist

CVE-2024-5612 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This.....

6.4CVSS

0.0004EPSS

2024-06-07 04:33 AM
4
cve
cve

CVE-2024-4887

The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-07 04:15 AM
23
nvd
nvd

CVE-2024-4887

The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level...

7.5CVSS

0.001EPSS

2024-06-07 04:15 AM
cvelist
cvelist

CVE-2024-4887 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion

The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level...

7.5CVSS

0.001EPSS

2024-06-07 03:21 AM
vulnrichment
vulnrichment

CVE-2024-4887 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion

The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-07 03:21 AM
openvas
openvas

Fedora: Security Advisory for qt6-qtlottie (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
1
openvas

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
talosblog
talosblog

The sliding doors of misinformation that come with AI-generated search results

As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...

7.2AI Score

2024-06-06 06:00 PM
9
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.6AI Score

EPSS

2024-06-06 03:09 PM
7
ics
ics

Emerson PACSystem and Fanuc

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without...

8.4AI Score

EPSS

2024-06-06 12:00 PM
1
thn
thn

Third-Party Cyber Attacks: The Threat No One Sees Coming – Here's How to Stop Them

_Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. _ In an...

9AI Score

2024-06-06 11:30 AM
1
nvd
nvd

CVE-2024-5188

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization...

5.4CVSS

5.7AI Score

0.001EPSS

2024-06-06 11:15 AM
cve
cve

CVE-2024-5188

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization...

6.4CVSS

6.1AI Score

0.001EPSS

2024-06-06 11:15 AM
22
cvelist
cvelist

CVE-2024-5188 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-06 11:03 AM
1
cve
cve

CVE-2024-5329

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS

7.8AI Score

0.001EPSS

2024-06-06 10:15 AM
22
nvd
nvd

CVE-2024-5329

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS

8.7AI Score

0.001EPSS

2024-06-06 10:15 AM
1
cve
cve

CVE-2024-5259

The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6.1AI Score

0.001EPSS

2024-06-06 10:15 AM
20
nvd
nvd

CVE-2024-5259

The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it...

5.4CVSS

5.7AI Score

0.001EPSS

2024-06-06 10:15 AM
4
vulnrichment
vulnrichment

CVE-2024-5329 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS

7.3AI Score

0.001EPSS

2024-06-06 09:34 AM
cvelist
cvelist

CVE-2024-5329 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS

8.7AI Score

0.001EPSS

2024-06-06 09:34 AM
cvelist
cvelist

CVE-2024-5259 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter

The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-06 09:34 AM
1
vulnrichment
vulnrichment

CVE-2024-5259 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter

The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-06 09:34 AM
nvd
nvd

CVE-2024-5161

The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and output...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-06 04:15 AM
nvd
nvd

CVE-2024-5162

The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 04:15 AM
2
cve
cve

CVE-2024-5162

The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-06 04:15 AM
23
cve
cve

CVE-2024-5161

The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-06 04:15 AM
23
nvd
nvd

CVE-2024-5153

The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain...

9.1CVSS

9.2AI Score

0.001EPSS

2024-06-06 04:15 AM
nvd
nvd

CVE-2024-5152

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 04:15 AM
1
cve
cve

CVE-2024-5153

The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain...

9.1CVSS

6.9AI Score

0.001EPSS

2024-06-06 04:15 AM
23
cve
cve

CVE-2024-5152

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-06 04:15 AM
23
nvd
nvd

CVE-2024-4364

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 04:15 AM
1
nvd
nvd

CVE-2024-4458

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 04:15 AM
nvd
nvd

CVE-2024-4459

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 04:15 AM
cve
cve

CVE-2024-4458

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-06 04:15 AM
24
cve
cve

CVE-2024-4608

The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6AI Score

0.001EPSS

2024-06-06 04:15 AM
22
cve
cve

CVE-2024-4364

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

6AI Score

0.0004EPSS

2024-06-06 04:15 AM
24
nvd
nvd

CVE-2024-4608

The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-06 04:15 AM
1
Total number of security vulnerabilities12757