Lucene search

K

Image Hover Effects – Elementor Addon Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-5418 DethemeKit For Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slitems Attribute

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-31 02:41 AM
vulnrichment
vulnrichment

CVE-2024-5345 Responsive Owl Carousel for Elementor <= 1.2.0 - Local File Inclusion

The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

8.8CVSS

7.6AI Score

0.001EPSS

2024-05-31 02:41 AM
wpvulndb
wpvulndb

Elements For Elementor < 2.2 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes

Description The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the 'eventsgrid_layout' attribute of the eventsgrid and list widgets, the 'marquee_layout'...

8.8CVSS

7.6AI Score

0.001EPSS

2024-05-31 12:00 AM
f5
f5

K000139859: Envoy vulnerability CVE-2024-30255

Security Advisory Description Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an....

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-31 12:00 AM
3
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

9.8CVSS

9.9AI Score

0.035EPSS

2024-05-30 03:23 PM
13
cve
cve

CVE-2024-4668

The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-30 10:15 AM
24
nvd
nvd

CVE-2024-4668

The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-30 10:15 AM
vulnrichment
vulnrichment

CVE-2024-4668 Gum Elementor Addon <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets

The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-30 09:30 AM
2
cvelist
cvelist

CVE-2024-4668 Gum Elementor Addon <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets

The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-30 09:30 AM
nvd
nvd

CVE-2024-5327

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘pp_animated_gradient_bg_color’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-30 07:15 AM
cve
cve

CVE-2024-5327

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘pp_animated_gradient_bg_color’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-30 07:15 AM
24
cve
cve

CVE-2024-5073

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-30 07:15 AM
25
nvd
nvd

CVE-2024-5073

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-30 07:15 AM
1
cvelist
cvelist

CVE-2024-5073 Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-30 06:48 AM
cvelist
cvelist

CVE-2024-5327 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘pp_animated_gradient_bg_color’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-30 06:48 AM
vulnrichment
vulnrichment

CVE-2024-5327 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘pp_animated_gradient_bg_color’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-30 06:48 AM
cve
cve

CVE-2024-5341

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 06:15 AM
27
nvd
nvd

CVE-2024-5341

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 06:15 AM
vulnrichment
vulnrichment

CVE-2024-5341 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 05:33 AM
cvelist
cvelist

CVE-2024-5341 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes......

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 05:33 AM
cve
cve

CVE-2024-3190

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS

5.7AI Score

0.0004EPSS

2024-05-30 04:15 AM
23
nvd
nvd

CVE-2024-3063

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 04:15 AM
nvd
nvd

CVE-2024-3190

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS

5.3AI Score

0.0004EPSS

2024-05-30 04:15 AM
cve
cve

CVE-2024-3063

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 04:15 AM
25
cve
cve

CVE-2024-2253

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-30 04:15 AM
25
nvd
nvd

CVE-2024-2253

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 04:15 AM
cvelist
cvelist

CVE-2024-2253 Testimonial Carousel For Elementor <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 03:34 AM
cvelist
cvelist

CVE-2024-3190 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS

5.3AI Score

0.0004EPSS

2024-05-30 03:34 AM
1
cvelist
cvelist

CVE-2024-3063 WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-30 03:34 AM
vulnrichment
vulnrichment

CVE-2024-3190 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS

5.7AI Score

0.0004EPSS

2024-05-30 03:34 AM
1
vulnrichment
vulnrichment

CVE-2024-3063 WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 03:34 AM
wpvulndb
wpvulndb

Happy Addons for Elementor < 3.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget

Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 12:00 AM
wpvulndb
wpvulndb

Responsive Owl Carousel for Elementor < 1.2.1 - Local File Inclusion

Description The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute....

8.8CVSS

9.6AI Score

0.001EPSS

2024-05-30 12:00 AM
1
wpvulndb
wpvulndb

Happy Addons for Elementor < 3.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion

Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-30 12:00 AM
3
wpvulndb
wpvulndb

DethemeKit For Elementor < 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via slitems Attribute

Description The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user...

6.4CVSS

7.8AI Score

0.001EPSS

2024-05-30 12:00 AM
schneier
schneier

Privacy Implications of Tracking Wireless Access Points

Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of...

6.9AI Score

2024-05-29 11:01 AM
10
cve
cve

CVE-2024-5086

The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-29 08:15 AM
24
nvd
nvd

CVE-2024-5086

The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-29 08:15 AM
cvelist
cvelist

CVE-2024-5086 Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget

The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-29 07:33 AM
3
vulnrichment
vulnrichment

CVE-2024-5086 Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget

The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-29 07:33 AM
cve
cve

CVE-2023-6743

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and...

8.8CVSS

7.5AI Score

0.001EPSS

2024-05-29 05:16 AM
nvd
nvd

CVE-2023-6743

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and...

8.8CVSS

8.9AI Score

0.001EPSS

2024-05-29 05:16 AM
cvelist
cvelist

CVE-2023-6743 Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and...

8.8CVSS

8.9AI Score

0.001EPSS

2024-05-29 04:30 AM
2
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtlottie-6.7.1-1.fc40

Qt Lottie Animation provides a QML API for rendering graphics and animations that are exported in JSON format by the Bodymovin plugin for Adobe After...

6.3AI Score

0.0004EPSS

2024-05-29 03:37 AM
4
wpvulndb
wpvulndb

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.108 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field

Description The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user...

5.4CVSS

5AI Score

0.0004EPSS

2024-05-29 12:00 AM
wpvulndb
wpvulndb

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce < 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

Description The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-29 12:00 AM
wpvulndb
wpvulndb

Testimonial Carousel For Elementor <= 10.2.2 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-29 12:00 AM
1
talos
talos

Foxit Reader Updater improper certificate validation privilege escalation vulnerability

Talos Vulnerability Report TALOS-2024-1989 Foxit Reader Updater improper certificate validation privilege escalation vulnerability May 28, 2024 CVE Number CVE-2024-29072 SUMMARY A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper....

8.2CVSS

7.6AI Score

0.0004EPSS

2024-05-28 12:00 AM
1
nessus
nessus

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0142-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0142-1 advisory. - Update to 110.0.5130.39 * DNA-115603 [Rich Hints] Pass trigger source to the Rich Hint * DNA-116680 Import 0-day fix for CVE-2024-5274 -...

9.6CVSS

7AI Score

0.003EPSS

2024-05-28 12:00 AM
openvas
openvas

openSUSE: Security Advisory for opera (openSUSE-SU-2024:0142-1)

The remote host is missing an update for...

9.6CVSS

9.2AI Score

0.003EPSS

2024-05-28 12:00 AM
Total number of security vulnerabilities12757