Lucene search

K

Image Hover Effects – Elementor Addon Security Vulnerabilities

cve
cve

CVE-2024-5571

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...

6.4CVSS

6AI Score

0.001EPSS

2024-06-05 09:15 AM
24
cvelist
cvelist

CVE-2024-5571 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-05 08:33 AM
2
cve
cve

CVE-2024-5006

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

6AI Score

0.001EPSS

2024-06-05 08:15 AM
22
nvd
nvd

CVE-2024-5006

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS

5.7AI Score

0.001EPSS

2024-06-05 08:15 AM
cvelist
cvelist

CVE-2024-5006 Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-05 07:34 AM
1
vulnrichment
vulnrichment

CVE-2024-5006 Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-05 07:34 AM
fedora
fedora

[SECURITY] Fedora 40 Update: qt5-qtgraphicaleffects-5.15.14-1.fc40

The Qt Graphical Effects module provides a set of QML types for adding visually impressive and configurable effects to user interfaces. Effects are visual items that can be added to Qt Quick user interface as UI...

6.4AI Score

0.0004EPSS

2024-06-05 01:41 AM
1
wpvulndb
wpvulndb

Image Hover Effects for Elementor with Lightbox and Flipbox <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id, oxi_addons_f_title_tag, and content_description_tag Parameters

Description The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag' parameters in all versions up to, and including, 3.0.2 due to insufficient input...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-05 12:00 AM
wpvulndb
wpvulndb

Qi Addons For Elementor < 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-05 12:00 AM
wpvulndb
wpvulndb

Clever Addons for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple CAFE Widgets

Description The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CAFE Icon, CAFE Team Member, and CAFE Slider widgets in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-05 12:00 AM
wpvulndb
wpvulndb

Magical Addons For Elementor < 1.1.40 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-05 12:00 AM
cve
cve

CVE-2024-30525

Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through...

7.3CVSS

7.2AI Score

0.0005EPSS

2024-06-04 08:15 PM
5
nvd
nvd

CVE-2024-30525

Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through...

7.3CVSS

5.3AI Score

0.0005EPSS

2024-06-04 08:15 PM
cvelist
cvelist

CVE-2024-30525 WordPress Move Addons for Elementor plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-06-04 07:24 PM
2
nvd
nvd

CVE-2024-30484

Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-04 07:19 PM
cve
cve

CVE-2024-30484

Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through...

8.8CVSS

7.2AI Score

0.001EPSS

2024-06-04 07:19 PM
6
cvelist
cvelist

CVE-2024-30484 WordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through...

4.3CVSS

4.7AI Score

0.001EPSS

2024-06-04 07:08 PM
nvd
nvd

CVE-2024-35782

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through...

5.4CVSS

6.4AI Score

0.0004EPSS

2024-06-04 02:15 PM
cve
cve

CVE-2024-35782

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-04 02:15 PM
18
cve
cve

CVE-2024-35666

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-04 02:15 PM
18
nvd
nvd

CVE-2024-35666

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through...

5.4CVSS

6.4AI Score

0.0004EPSS

2024-06-04 02:15 PM
1
cve
cve

CVE-2024-34384

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through...

8.8CVSS

7.2AI Score

0.0005EPSS

2024-06-04 02:15 PM
4
nvd
nvd

CVE-2024-34384

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through...

8.8CVSS

6.8AI Score

0.0005EPSS

2024-06-04 02:15 PM
5
vulnrichment
vulnrichment

CVE-2024-35666 WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-04 01:53 PM
cvelist
cvelist

CVE-2024-35666 WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through...

6.5CVSS

5.8AI Score

0.0004EPSS

2024-06-04 01:53 PM
4
vulnrichment
vulnrichment

CVE-2024-35782 WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-04 01:46 PM
cvelist
cvelist

CVE-2024-35782 WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through...

6.5CVSS

5.8AI Score

0.0004EPSS

2024-06-04 01:46 PM
2
vulnrichment
vulnrichment

CVE-2024-34384 WordPress Sina Extension for Elementor plugin <= 3.5.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through...

6.5CVSS

6.9AI Score

0.0005EPSS

2024-06-04 01:17 PM
cvelist
cvelist

CVE-2024-34384 WordPress Sina Extension for Elementor plugin <= 3.5.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion.This issue affects Sina Extension for Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0005EPSS

2024-06-04 01:17 PM
4
nvd
nvd

CVE-2024-33541

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-04 01:15 PM
cve
cve

CVE-2024-33541

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through...

6.5CVSS

7.1AI Score

0.0004EPSS

2024-06-04 01:15 PM
4
cvelist
cvelist

CVE-2024-33541 WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-04 01:04 PM
1
vulnrichment
vulnrichment

CVE-2024-33541 WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-04 01:04 PM
nvd
nvd

CVE-2024-4637

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-04 10:15 AM
1
cve
cve

CVE-2024-4637

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-04 10:15 AM
4
cvelist
cvelist

CVE-2024-4637 Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-04 09:31 AM
vulnrichment
vulnrichment

CVE-2024-4637 Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-04 09:31 AM
nvd
nvd

CVE-2023-33930

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

9.1CVSS

9.4AI Score

0.0004EPSS

2024-06-04 07:15 AM
cve
cve

CVE-2023-33930

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

9.1CVSS

7.3AI Score

0.0004EPSS

2024-06-04 07:15 AM
8
vulnrichment
vulnrichment

CVE-2023-33930 WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

9.1CVSS

7.1AI Score

0.0004EPSS

2024-06-04 07:08 AM
cvelist
cvelist

CVE-2023-33930 WordPress Unlimited Elements For Elementor plugin <= 1.5.66 - Unrestricted Zip Extraction vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Code Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

9.1CVSS

9.4AI Score

0.0004EPSS

2024-06-04 07:08 AM
2
nvd
nvd

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-04 06:15 AM
1
cve
cve

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-04 06:15 AM
17
vulnrichment
vulnrichment

CVE-2024-4697 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-04 05:32 AM
cvelist
cvelist

CVE-2024-4697 Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via heading_tag Parameter

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-04 05:32 AM
1
nvd
nvd

CVE-2024-35632

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

4.3CVSS

5.1AI Score

0.0004EPSS

2024-06-03 12:15 PM
4
cve
cve

CVE-2024-35632

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

4.3CVSS

7.3AI Score

0.0004EPSS

2024-06-03 12:15 PM
14
nvd
nvd

CVE-2024-34764

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-03 12:15 PM
cve
cve

CVE-2024-34764

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-03 12:15 PM
25
vulnrichment
vulnrichment

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-06-03 11:49 AM
Total number of security vulnerabilities12758