Lucene search

K

Rife Elementor Extensions & Templates Security Vulnerabilities

zdt
zdt

Cacti Import Packages Remote Code Execution Exploit

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...

9.1CVSS

8.1AI Score

0.002EPSS

2024-06-13 12:00 AM
24
cve
cve

CVE-2024-2092

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS

5AI Score

0.001EPSS

2024-06-12 10:15 AM
20
nvd
nvd

CVE-2024-2092

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS

0.001EPSS

2024-06-12 10:15 AM
3
cvelist
cvelist

CVE-2024-2092 Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS

0.001EPSS

2024-06-12 09:33 AM
2
cve
cve

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-12 09:15 AM
20
nvd
nvd

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

6.4CVSS

0.001EPSS

2024-06-12 09:15 AM
2
vulnrichment
vulnrichment

CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 08:33 AM
cvelist
cvelist

CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on...

6.4CVSS

0.001EPSS

2024-06-12 08:33 AM
2
cve
cve

CVE-2024-3925

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-12 08:15 AM
21
nvd
nvd

CVE-2024-3925

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...

6.4CVSS

0.0004EPSS

2024-06-12 08:15 AM
2
veracode
veracode

Cross Site Scripting (XSS)

html is vulnerable to Cross-Site Scripting (XSS). This vulnerability is due to improper validation which allows an attacker to introduction JavaScript code through tagged templates within the ghtml, allowing an attacker to inject and execute malicious JavaScript...

8.9CVSS

6.3AI Score

0.0004EPSS

2024-06-12 07:35 AM
cvelist
cvelist

CVE-2024-3925 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...

6.4CVSS

0.0004EPSS

2024-06-12 07:32 AM
3
nvd
nvd

CVE-2024-5892

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

0.001EPSS

2024-06-12 06:15 AM
2
cve
cve

CVE-2024-5892

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 06:15 AM
17
cvelist
cvelist

CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

0.001EPSS

2024-06-12 05:34 AM
vulnrichment
vulnrichment

CVE-2024-5892 Divi Torque Lite – Divi Theme and Extra Theme <= 3.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘support_unfiltered_files_upload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for.....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 05:34 AM
nvd
nvd

CVE-2024-5553

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

0.001EPSS

2024-06-12 04:15 AM
2
cve
cve

CVE-2024-5553

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

4.4AI Score

0.001EPSS

2024-06-12 04:15 AM
18
nvd
nvd

CVE-2024-4564

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to...

6.4CVSS

0.001EPSS

2024-06-12 04:15 AM
1
cve
cve

CVE-2024-4564

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-12 04:15 AM
17
cvelist
cvelist

CVE-2024-4564 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to...

6.4CVSS

0.001EPSS

2024-06-12 03:33 AM
vulnrichment
vulnrichment

CVE-2024-5553 Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

5.8AI Score

0.001EPSS

2024-06-12 03:09 AM
cvelist
cvelist

CVE-2024-5553 Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

0.001EPSS

2024-06-12 03:09 AM
1
wpvulndb
wpvulndb

LA-Studio Element Kit for Elementor < 1.3.7.4 - Missing Authorization

Description The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to perform an unauthorized...

8.8CVSS

6.7AI Score

0.001EPSS

2024-06-12 12:00 AM
veeam
veeam

Upgrading Veeam Kasten for Kubernetes Fails With Parse Error

Upgrading to Veeam Kasten for Kubernetes 6.5.3 or later fails with parse error at (k10/templates/v0services.yaml:128): function “continue” not...

7.1AI Score

2024-06-12 12:00 AM
packetstorm

7.4AI Score

2024-06-12 12:00 AM
40
cve
cve

CVE-2024-5646

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-11 09:15 PM
22
nvd
nvd

CVE-2024-5646

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

0.001EPSS

2024-06-11 09:15 PM
1
cve
cve

CVE-2024-4669

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-11 09:15 PM
23
nvd
nvd

CVE-2024-4669

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.001EPSS

2024-06-11 09:15 PM
cvelist
cvelist

CVE-2024-5646 Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

0.001EPSS

2024-06-11 08:33 PM
1
cvelist
cvelist

CVE-2024-4669 Events Addon for Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.001EPSS

2024-06-11 08:33 PM
2
nvd
nvd

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

0.0004EPSS

2024-06-11 07:16 PM
4
cve
cve

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

9.9AI Score

0.0004EPSS

2024-06-11 07:16 PM
29
osv
osv

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

8.3AI Score

0.0004EPSS

2024-06-11 07:16 PM
cvelist
cvelist

CVE-2024-37301 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

0.0004EPSS

2024-06-11 06:34 PM
3
vulnrichment
vulnrichment

CVE-2024-37301 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS

8AI Score

0.0004EPSS

2024-06-11 06:34 PM
cve
cve

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 02:15 PM
21
nvd
nvd

CVE-2024-5189

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

0.001EPSS

2024-06-11 02:15 PM
2
vulnrichment
vulnrichment

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-06-11 01:54 PM
cvelist
cvelist

CVE-2024-5189 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output...

6.4CVSS

0.001EPSS

2024-06-11 01:54 PM
1
thn
thn

Top 10 Critical Pentest Findings 2024: What You Need to Know

One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's...

9.8CVSS

8.9AI Score

0.975EPSS

2024-06-11 11:00 AM
1
malwarebytes
malwarebytes

Google&#8217;s Chrome changes make life harder for ad blockers

Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual...

7AI Score

2024-06-11 10:45 AM
3
nuclei
nuclei

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

7.5CVSS

7.6AI Score

0.013EPSS

2024-06-11 10:28 AM
2
cve
cve

CVE-2023-33922

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-11 10:15 AM
23
nvd
nvd

CVE-2023-33922

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-11 10:15 AM
4
cvelist
cvelist

CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-11 09:17 AM
1
vulnrichment
vulnrichment

CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-06-11 09:17 AM
1
cve
cve

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-11 08:15 AM
22
nvd
nvd

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

0.001EPSS

2024-06-11 08:15 AM
3
Total number of security vulnerabilities35594