Rife Elementor Extensions & Templates Security Vulnerabilities

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024,...

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and...

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and...

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

Prime Mover < 1.9.3 - Sensitive Data Exposure

Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...

CVE-2024-35725

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

CVE-2024-35725

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

CVE-2024-35724

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

CVE-2024-35724

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

CVE-2024-35724 WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

CVE-2024-35724 WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

CVE-2024-35725 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

CVE-2024-35725 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor < 3.8.9 - Unauthenticated Sensitive Information Exposure

Description The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data,....

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) < 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget

Description The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due.....

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php...

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and...

CVE-2024-32727

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...

CVE-2024-32727

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...

CVE-2024-32727 WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...

CVE-2024-32727 WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through...

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

CVE-2024-32783 WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

CVE-2023-45188 IBM Engineering Lifecycle Optimization Publishing file upload

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

CVE-2024-35660

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35660

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35660 WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35660 WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through...

CVE-2023-31080

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

CVE-2023-31080

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

CVE-2023-31080 WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

CVE-2023-31080 WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through...

CVE-2024-35702

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35703

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through...

CVE-2024-35703

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through...

CVE-2024-35702

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35688

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35688

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35688 WordPress Master Addons for Elementor plugin <= 2.0.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35688 WordPress Master Addons for Elementor plugin <= 2.0.5.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35702 WordPress Master Addons for Elementor plugin <= 2.0.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35702 WordPress Master Addons for Elementor plugin <= 2.0.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through...

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

CVE-2024-35709

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through...