Lucene search

K

Image Hover Effects – Elementor Addon Security Vulnerabilities

cve
cve

CVE-2024-4669

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-11 09:15 PM
24
nvd
nvd

CVE-2024-4669

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.001EPSS

2024-06-11 09:15 PM
cvelist
cvelist

CVE-2024-4669 Events Addon for Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.001EPSS

2024-06-11 08:33 PM
3
cvelist
cvelist

CVE-2024-5646 Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

0.001EPSS

2024-06-11 08:33 PM
2
cve
cve

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 02:15 PM
21
nvd
nvd

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

0.001EPSS

2024-06-11 02:15 PM
2
vulnrichment
vulnrichment

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-06-11 01:54 PM
cvelist
cvelist

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

0.001EPSS

2024-06-11 01:54 PM
1
malwarebytes
malwarebytes

Google&#8217;s Chrome changes make life harder for ad blockers

Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...

7AI Score

2024-06-11 10:45 AM
6
cve
cve

CVE-2023-33922

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-11 10:15 AM
24
nvd
nvd

CVE-2023-33922

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-11 10:15 AM
4
cvelist
cvelist

CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-11 09:17 AM
1
vulnrichment
vulnrichment

CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-06-11 09:17 AM
2
cve
cve

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-11 08:15 AM
23
nvd
nvd

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

0.001EPSS

2024-06-11 08:15 AM
4
cvelist
cvelist

CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

0.001EPSS

2024-06-11 07:32 AM
1
vulnrichment
vulnrichment

CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

6.8AI Score

0.001EPSS

2024-06-11 07:32 AM
1
cve
cve

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-11 05:15 AM
24
nvd
nvd

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

0.001EPSS

2024-06-11 05:15 AM
2
vulnrichment
vulnrichment

CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 04:32 AM
1
cvelist
cvelist

CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

0.001EPSS

2024-06-11 04:32 AM
1
wpvulndb
wpvulndb

CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 12:00 AM
1
nessus
nessus

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0156-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0156-1 advisory. Update to 110.0.5130.64 * CHR-9748 Update Chromium on desktop-stable-124-5130 to 124.0.6367.243 * DNA-116317 Create outline or shadow...

9.6CVSS

8AI Score

0.003EPSS

2024-06-11 12:00 AM
wpvulndb
wpvulndb

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events

Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-06-11 12:00 AM
wpvulndb
wpvulndb

PowerPack Pro for Elementor < 2.10.18 - Authenticated (Contributor+) Privilege Escalation

Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for...

8.8CVSS

6.7AI Score

0.001EPSS

2024-06-11 12:00 AM
1
wpvulndb
wpvulndb

Master Addons for Elementor < 2.0.5.6 - Missing Authorization via get_jltma_save_menuitem_settings()

Description The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_jltma_save_menuitem_settings function in versions up to, and including, 2.0.5.4.1. This makes it possible for unauthenticated attackers...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
wpvulndb
wpvulndb

Premium Addons for Elementor < 4.10.34 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Description The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 12:00 AM
wpvulndb
wpvulndb

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 12:00 AM
wpvulndb
wpvulndb

Elementor Addon Elements < 1.13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget

Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

5.4CVSS

5.7AI Score

0.001EPSS

2024-06-11 12:00 AM
2
wpvulndb
wpvulndb

Newsletter - API v1 and v2 addon for Newsletter < 2.4.6 - Missing Authorization to Email Subscribers Management

Description The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create.....

6.5CVSS

6.9AI Score

0.0005EPSS

2024-06-11 12:00 AM
3
wpvulndb
wpvulndb

Qi Addons For Elementor < 1.7.3 - Authenticated (Contributor+) Local File Inclusion

Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-11 12:00 AM
wpvulndb
wpvulndb

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.24 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 12:00 AM
1
wpvulndb
wpvulndb

Themesflat Addons For Elementor <= 2.1.1 - Contributor+ Stored XSS via Widget Titles

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-11 12:00 AM
1
wpvulndb
wpvulndb

Events Addon for Elementor < 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Description The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 12:00 AM
2
wpvulndb
wpvulndb

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.110 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter

Description The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS

7.2AI Score

0.001EPSS

2024-06-11 12:00 AM
1
osv
osv

CVE-2024-37168

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

7.1AI Score

0.0005EPSS

2024-06-10 10:15 PM
1
cve
cve

CVE-2024-37168

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-06-10 10:15 PM
37
nvd
nvd

CVE-2024-37168

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

0.0005EPSS

2024-06-10 10:15 PM
5
cvelist
cvelist

CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

0.0005EPSS

2024-06-10 09:32 PM
13
vulnrichment
vulnrichment

CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option: If an...

5.3CVSS

7.1AI Score

0.0005EPSS

2024-06-10 09:32 PM
4
cve
cve

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

5.5AI Score

0.0005EPSS

2024-06-10 05:16 PM
22
nvd
nvd

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 05:16 PM
3
vulnrichment
vulnrichment

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

7.1AI Score

0.0005EPSS

2024-06-10 04:21 PM
1
cvelist
cvelist

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 04:21 PM
4
cve
cve

CVE-2024-35725

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
21
nvd
nvd

CVE-2024-35725

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

8.8CVSS

0.001EPSS

2024-06-10 08:15 AM
2
cve
cve

CVE-2024-35724

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
22
nvd
nvd

CVE-2024-35724

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

8.8CVSS

0.001EPSS

2024-06-10 08:15 AM
vulnrichment
vulnrichment

CVE-2024-35724 WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

4.3CVSS

7AI Score

0.001EPSS

2024-06-10 07:49 AM
cvelist
cvelist

CVE-2024-35724 WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

4.3CVSS

0.001EPSS

2024-06-10 07:49 AM
1
Total number of security vulnerabilities12915