Lucene search

K

Rife Elementor Extensions & Templates Security Vulnerabilities

cve
cve

CVE-2024-2484

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-22 02:15 AM
3
nvd
nvd

CVE-2024-2484

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS

0.001EPSS

2024-06-22 02:15 AM
2
cvelist
cvelist

CVE-2024-4313 Table Addons for Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter

The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

0.001EPSS

2024-06-22 02:01 AM
4
cvelist
cvelist

CVE-2024-2484 Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

0.001EPSS

2024-06-22 02:01 AM
4
thn
thn

How to Use Tines's SOC Automation Capability Matrix

Created by John Tuckner and the team at automation and AI-powered workflow platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A...

7AI Score

2024-06-21 11:00 AM
37
githubexploit
githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Elementor Website Builder

WordPress Plugin - Elementor 3.6.0 3.6.1 3.6.2 Thực thi mã từ...

8.8CVSS

7AI Score

0.96EPSS

2024-06-21 10:05 AM
100
cve
cve

CVE-2024-5455

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level.....

8.8CVSS

8.9AI Score

0.0004EPSS

2024-06-21 04:15 AM
22
nvd
nvd

CVE-2024-5455

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level.....

8.8CVSS

0.0004EPSS

2024-06-21 04:15 AM
2
cvelist
cvelist

CVE-2024-5455 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level.....

8.8CVSS

0.0004EPSS

2024-06-21 03:24 AM
5
vulnrichment
vulnrichment

CVE-2024-5455 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level.....

8.8CVSS

7.7AI Score

0.0004EPSS

2024-06-21 03:24 AM
nvd
nvd

CVE-2024-5344

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping....

6.1CVSS

0.0005EPSS

2024-06-21 02:15 AM
2
cve
cve

CVE-2024-5344

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping....

6.1CVSS

6AI Score

0.0005EPSS

2024-06-21 02:15 AM
19
cvelist
cvelist

CVE-2024-5344 The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping....

6.1CVSS

0.0005EPSS

2024-06-21 02:05 AM
3
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.3AI Score

EPSS

2024-06-20 01:40 PM
4
cve
cve

CVE-2024-5036

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-20 11:15 AM
20
nvd
nvd

CVE-2024-5036

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

6.4CVSS

0.001EPSS

2024-06-20 11:15 AM
4
cvelist
cvelist

CVE-2024-5036 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.5.4 due to insufficient input...

6.4CVSS

0.001EPSS

2024-06-20 11:06 AM
nuclei
nuclei

XWiki < 14.10.14 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a...

9.6CVSS

6.5AI Score

0.598EPSS

2024-06-20 10:22 AM
1
nuclei
nuclei

XWiki < 14.10.14 - Cross-Site Scripting

XWiki is vulnerable to reflected cross-site scripting (RXSS) via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the....

9.6CVSS

7AI Score

0.005EPSS

2024-06-20 10:20 AM
7
veracode
veracode

SQL Injection

magento/community-edition is vulnerable to SQL Injection. The vulnerability is due to improper user input sanitization in email templates, allowing an authenticated user with access to these templates to send malicious SQL queries and gain access to sensitive database...

6.5CVSS

7.1AI Score

0.001EPSS

2024-06-20 10:09 AM
1
veracode
veracode

SQL Injection

Magento is vulnerable to SQL injection. The vulnerability is due to a user with store manipulation privileges being able to execute arbitrary SQL queries by accessing the database connection through a group instance in email...

8.8CVSS

8.1AI Score

0.001EPSS

2024-06-20 08:38 AM
8
thn
thn

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA...

7AI Score

2024-06-20 08:09 AM
8
cve
cve

CVE-2024-5686

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes....

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-20 04:15 AM
26
nvd
nvd

CVE-2024-5686

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes....

6.4CVSS

0.001EPSS

2024-06-20 04:15 AM
4
cvelist
cvelist

CVE-2024-5686 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes....

6.4CVSS

0.001EPSS

2024-06-20 03:37 AM
6
nvd
nvd

CVE-2024-4626

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

0.0004EPSS

2024-06-20 02:15 AM
4
cve
cve

CVE-2024-4626

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-20 02:15 AM
24
cvelist
cvelist

CVE-2024-4626 JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_type’ and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

0.0004EPSS

2024-06-20 02:08 AM
5
nvd
nvd

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

0.0004EPSS

2024-06-19 09:15 PM
3
cve
cve

CVE-2024-33836

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method...

6.7AI Score

0.0004EPSS

2024-06-19 09:15 PM
22
githubexploit
githubexploit

Exploit for CVE-2023-47504

CVE-2023-47504 POC Exploit for CVE-2023-47504. According to...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-06-19 06:07 PM
113
nvd
nvd

CVE-2023-41805

Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-19 01:15 PM
2
cve
cve

CVE-2023-41805

Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-19 01:15 PM
24
nvd
nvd

CVE-2023-39993

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-19 01:15 PM
3
cve
cve

CVE-2023-39993

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-19 01:15 PM
30
nvd
nvd

CVE-2023-35050

Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-19 01:15 PM
2
cve
cve

CVE-2023-35050

Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-19 01:15 PM
25
cvelist
cvelist

CVE-2023-35050 WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-19 12:28 PM
3
cvelist
cvelist

CVE-2023-41805 Broken Access Control vulnerability in multiple Brainstorm Force plugins

Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-19 12:25 PM
3
cve
cve

CVE-2023-40004

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...

7.3CVSS

7.2AI Score

0.0004EPSS

2024-06-19 12:15 PM
36
nvd
nvd

CVE-2023-40004

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...

7.3CVSS

0.0004EPSS

2024-06-19 12:15 PM
5
vulnrichment
vulnrichment

CVE-2023-39993 WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-19 12:07 PM
cvelist
cvelist

CVE-2023-39993 WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-19 12:07 PM
5
vulnrichment
vulnrichment

CVE-2023-40004 Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...

7.3CVSS

7.4AI Score

0.0004EPSS

2024-06-19 12:03 PM
cvelist
cvelist

CVE-2023-40004 Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...

7.3CVSS

0.0004EPSS

2024-06-19 12:03 PM
3
nvd
nvd

CVE-2023-48761

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

6.3CVSS

0.0004EPSS

2024-06-19 11:15 AM
4
nvd
nvd

CVE-2023-48759

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

7.5CVSS

0.0004EPSS

2024-06-19 11:15 AM
5
nvd
nvd

CVE-2023-48760

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

8.2CVSS

0.0004EPSS

2024-06-19 11:15 AM
3
cve
cve

CVE-2023-48759

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-19 11:15 AM
2493
cve
cve

CVE-2023-48760

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-06-19 11:15 AM
25
Total number of security vulnerabilities35838