Post Grid, Slider & Carousel Ultimate Security Vulnerabilities

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign

As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the.....

CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due....

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events

Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input...

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes....

Events Addon for Elementor < 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Description The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-35722

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

CVE-2024-35722

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

CVE-2024-35717

Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...

CVE-2024-35717

Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...

CVE-2024-35717 WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...

CVE-2024-35722 WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

CVE-2024-35722 WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

CVE-2024-32820

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

CVE-2024-32783 WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

CVE-2024-32820 WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

CVE-2024-32820 WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through...

CVE-2024-31246

Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...

CVE-2024-31246

Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...

CVE-2024-31246 WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability

Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through...

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

CVE-2024-35713 WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

CVE-2024-35713 WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

CVE-2024-35739

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through...

CVE-2024-35739

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through...

CVE-2024-35739 WordPress The Post Grid plugin <= 7.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through...

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5091 SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5091 SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts

2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of.....

CVE-2024-4042

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

CVE-2024-4042

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

CVE-2024-3288

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2024-3288

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2024-3288 Logo Slider < 4.0.0 - Contributor+ Stored XSS

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2024-3288 Logo Slider < 4.0.0 - Contributor+ Stored XSS

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2024-4042 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

CVE-2024-4042 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

CVE-2024-5640

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

CVE-2024-5640

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

CVE-2024-1988

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

CVE-2024-1988

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

CVE-2024-1988 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

CVE-2024-1988 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...