_This week on the Lock and Code podcast… _ You’ve likely felt it: The dull pull downwards of a smartphone scroll. The “five more minutes” just before bed. The sleep still there after waking. The edges of your calm slowly fraying. After more than a decade of our most recent technological...
7.3AI Score
Description The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes....
6.4CVSS
5.7AI Score
0.0004EPSS
Startklar Elementor Addons < 1.7.14 - Unauthenticated Arbitrary File Upload
Description The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for...
9.8CVSS
8.3AI Score
0.0004EPSS
Startklar Elementor Addons < 1.7.14 - Unauthenticated Arbitrary File Deletion
Description The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated...
9.1CVSS
8.1AI Score
0.001EPSS
Description The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input...
6.4CVSS
5.9AI Score
0.0004EPSS
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities
Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The.....
9.8CVSS
7.6AI Score
0.915EPSS
Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through...
6.5CVSS
9.3AI Score
0.0004EPSS
Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through...
4.3CVSS
5.1AI Score
0.0004EPSS
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through...
6.5CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through...
4.3CVSS
6AI Score
0.0004EPSS
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through...
6.5CVSS
6.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through...
6.5CVSS
6.9AI Score
0.0004EPSS
Royal Elementor Addons < 1.3.95 - Unauthenticated IP Spoofing
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to IP Address Spoofing due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP...
5.3CVSS
5.3AI Score
0.0004EPSS
Royal Elementor Addons < 1.3.95 - Unauthenticated IP Spoofing
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to IP Address Spoofing due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP addresses. PoC Set any of the following server headers as used in...
5.3CVSS
5.3AI Score
0.0004EPSS
Jeg Elementor Kit < 2.6.5 - Contributor+ Stored XSS via Elementor Widget URL Custom Attributes
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
6.4CVSS
6AI Score
0.0004EPSS
HT Mega – Absolute Addons For Elementor < 2.4.8 - Missing Authorization to Information Exposure
Description The HT Mega plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the duplicate() function in all versions up to, and including, 2.4.7. This makes it possible for authenticated attackers, with contributor-level access and above, to....
4.3CVSS
6.7AI Score
0.0004EPSS
Metform Elementor Contact Form Builder < 3.8.4 - Missing Authorization to Notice Dismissal
Description The Metform Elementor Contact Form Builder is vulnerable to unauthorized modification of data due to a missing capability check on the dismiss_ajax_call function. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss...
4.3CVSS
6.8AI Score
0.0004EPSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
6.4CVSS
6.1AI Score
0.0004EPSS
ElementsKit Elementor addons 3.0.7 - 3.1.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
6.4CVSS
6AI Score
0.0004EPSS
Premium Addons for Elementor < 4.10.26 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
6.5CVSS
6.1AI Score
0.0004EPSS
Premium Addons for Elementor < 4.10.31 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
5.4CVSS
6AI Score
0.0004EPSS
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders is vulnerable to Stored Cross-Site Scripting via the ‘eael_event_text_color’...
6.4CVSS
6AI Score
0.001EPSS
Jeg Elementor Kit < 2.6.5 - Contributor+ Stored XSS via Countdown Widget
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
6.4CVSS
6AI Score
0.001EPSS
The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
5.4CVSS
5.7AI Score
0.0004EPSS
The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated.....
5.4CVSS
5.4AI Score
0.0004EPSS
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes...
6.4CVSS
5.9AI Score
0.001EPSS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_event_text_color’ parameter in versions up to, and including, 5.9.17 due to insufficient input sanitization and output....
6.4CVSS
5.7AI Score
0.001EPSS
The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes...
6.4CVSS
5.7AI Score
0.001EPSS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_event_text_color’ parameter in versions up to, and including, 5.9.17 due to insufficient input sanitization and output....
6.4CVSS
5.9AI Score
0.001EPSS
The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's...
4.3CVSS
5.2AI Score
0.0005EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,....
6.4CVSS
7.6AI Score
0.001EPSS
The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's...
4.3CVSS
4.7AI Score
0.0005EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above,....
6.4CVSS
5.9AI Score
0.001EPSS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_team_members_image_rounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 due to...
6.4CVSS
5.7AI Score
0.0004EPSS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_team_members_image_rounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 due to...
6.4CVSS
5.7AI Score
0.0004EPSS
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all versions up to, and including, 2.8.7 due to...
6.4CVSS
5.7AI Score
0.0004EPSS
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
6.4CVSS
5.7AI Score
0.0004EPSS
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all versions up to, and including, 2.8.7 due to...
6.4CVSS
5.9AI Score
0.0004EPSS
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
6.4CVSS
5.7AI Score
0.0004EPSS
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...
4.3CVSS
6.3AI Score
0.001EPSS
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...
4.3CVSS
4.7AI Score
0.001EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.6AI Score
0.0004EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.0004EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping....
6.4CVSS
5.8AI Score
0.001EPSS
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
6.4CVSS
5.7AI Score
0.001EPSS
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable...
5.3CVSS
6.7AI Score
0.001EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping....
6.4CVSS
6AI Score
0.001EPSS