Lucene search

K

Rife Elementor Extensions & Templates Security Vulnerabilities

cvelist
cvelist

CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

0.001EPSS

2024-06-11 07:32 AM
1
vulnrichment
vulnrichment

CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

6.8AI Score

0.001EPSS

2024-06-11 07:32 AM
cve
cve

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-11 05:15 AM
24
nvd
nvd

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

0.001EPSS

2024-06-11 05:15 AM
2
vulnrichment
vulnrichment

CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 04:32 AM
cvelist
cvelist

CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

0.001EPSS

2024-06-11 04:32 AM
1
nessus
nessus

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0156-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0156-1 advisory. Update to 110.0.5130.64 * CHR-9748 Update Chromium on desktop-stable-124-5130 to 124.0.6367.243 * DNA-116317 Create outline or shadow...

9.6CVSS

8AI Score

0.003EPSS

2024-06-11 12:00 AM
wpvulndb
wpvulndb

Qi Addons For Elementor < 1.7.3 - Authenticated (Contributor+) Local File Inclusion

Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-11 12:00 AM
cve
cve

CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

8.9CVSS

7.6AI Score

0.0004EPSS

2024-06-10 10:15 PM
24
nvd
nvd

CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

8.9CVSS

0.0004EPSS

2024-06-10 10:15 PM
4
osv
osv

CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

8.9CVSS

5.5AI Score

0.0004EPSS

2024-06-10 10:15 PM
cvelist
cvelist

CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

8.9CVSS

0.0004EPSS

2024-06-10 09:29 PM
2
vulnrichment
vulnrichment

CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated.....

8.9CVSS

5.4AI Score

0.0004EPSS

2024-06-10 09:29 PM
1
nuclei
nuclei

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an...

6.7AI Score

0.001EPSS

2024-06-10 08:19 PM
2
nuclei
nuclei

Payment Gateway for Telcell < 2.0.4 - Open Redirect

The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect...

6.8AI Score

EPSS

2024-06-10 08:16 PM
thn
thn

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024,...

7.5AI Score

2024-06-10 03:24 PM
1
cve
cve

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and...

7.7AI Score

0.0004EPSS

2024-06-10 03:15 PM
25
nvd
nvd

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

0.0004EPSS

2024-06-10 03:15 PM
2
nvd
nvd

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and...

0.0004EPSS

2024-06-10 03:15 PM
4
cve
cve

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

8AI Score

0.0004EPSS

2024-06-10 03:15 PM
21
nuclei
nuclei

Prime Mover < 1.9.3 - Sensitive Data Exposure

Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...

7.5CVSS

6.7AI Score

0.003EPSS

2024-06-10 11:52 AM
cve
cve

CVE-2024-35725

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
21
nvd
nvd

CVE-2024-35725

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

8.8CVSS

0.001EPSS

2024-06-10 08:15 AM
2
cve
cve

CVE-2024-35724

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
22
nvd
nvd

CVE-2024-35724

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

8.8CVSS

0.001EPSS

2024-06-10 08:15 AM
vulnrichment
vulnrichment

CVE-2024-35724 WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

4.3CVSS

7AI Score

0.001EPSS

2024-06-10 07:49 AM
cvelist
cvelist

CVE-2024-35724 WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

4.3CVSS

0.001EPSS

2024-06-10 07:49 AM
1
cvelist
cvelist

CVE-2024-35725 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

4.3CVSS

0.001EPSS

2024-06-10 07:48 AM
2
vulnrichment
vulnrichment

CVE-2024-35725 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

4.3CVSS

7AI Score

0.001EPSS

2024-06-10 07:48 AM
cvelist
cvelist

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

0.0004EPSS

2024-06-10 12:00 AM
cvelist
cvelist

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and...

0.0004EPSS

2024-06-10 12:00 AM
cve
cve

CVE-2024-32727

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-09 03:16 PM
29
nvd
nvd

CVE-2024-32727

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-09 03:16 PM
3
vulnrichment
vulnrichment

CVE-2024-32727 WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-09 03:02 PM
cvelist
cvelist

CVE-2024-32727 WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-09 03:02 PM
cve
cve

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-09 01:15 PM
28
nvd
nvd

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 01:15 PM
3
nvd
nvd

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

0.0004EPSS

2024-06-09 01:15 PM
2
cve
cve

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-09 01:15 PM
22
cvelist
cvelist

CVE-2024-32783 WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-09 01:03 PM
3
cvelist
cvelist

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

0.0004EPSS

2024-06-09 12:15 PM
vulnrichment
vulnrichment

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

6.5CVSS

7.6AI Score

0.0004EPSS

2024-06-09 12:15 PM
1
nvd
nvd

CVE-2024-35660

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-09 12:15 PM
3
cve
cve

CVE-2024-35660

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-09 12:15 PM
24
vulnrichment
vulnrichment

CVE-2024-35660 WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-09 11:56 AM
cvelist
cvelist

CVE-2024-35660 WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-09 11:56 AM
1
nvd
nvd

CVE-2023-31080

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

8.3CVSS

0.0004EPSS

2024-06-09 10:15 AM
3
cve
cve

CVE-2023-31080

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

8.3CVSS

8.3AI Score

0.0004EPSS

2024-06-09 10:15 AM
26
vulnrichment
vulnrichment

CVE-2023-31080 WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

8.3CVSS

7AI Score

0.0004EPSS

2024-06-09 09:27 AM
cvelist
cvelist

CVE-2023-31080 WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

8.3CVSS

0.0004EPSS

2024-06-09 09:27 AM
3
Total number of security vulnerabilities35594