
24 matches found

RedhatCVE
added 2026/04/05 5:7 a.m., 1 view

CVE-2026-2949

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Box widget in versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 6.1, EPSS 0.00037
Exploits 0, References 1
NVD
added 2026/04/04 4:17 a.m., 0 views

CVE-2026-2949

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Box widget in versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00037
Exploits 0, References 2
CVE
added 2026/04/04 2:26 a.m., 7 views

CVE-2026-2949

The CVE-2026-2949 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Xpro Addons — 140+ Widgets for Elementor. The issue affects versions up to and including 1.4.24, caused by insufficient input sanitization and output escaping in the Icon Box widget. Exploitati...

CVSS 6.4, AI score 6.1, EPSS 0.00037
Exploits 0, References 2
Cvelist
added 2026/04/04 2:26 a.m., 19 views

CVE-2026-2949 Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Box widget in versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00037
Exploits 0, References 2
CNNVD
added 2026/04/04 12:0 a.m., 3 views

WordPress plugin Xpro Addons — 140+ Widgets for Elementor cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.4, AI score 5.8, EPSS 0.00037
Exploits 0, References 2
EUVD
added 2026/03/05 3:30 p.m., 2 views

EUVD-2026-9819

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install_and_active_plugin' function in all versions up to, and including, 1.4.24. This...

CVSS 8.8, AI score 6, EPSS 0.00055
Exploits 0, References 4
CVE
added 2026/03/05 1:24 p.m., 6 views

CVE-2026-1720

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check in the install_and_active_plugin function in all versions up to 1.4.24. This allows authenticated users with Subscriber-level access and above to i...

CVSS 8.8, AI score 6, EPSS 0.00055
Exploits 0, References 3
Cvelist
added 2026/03/05 1:24 p.m., 25 views

CVE-2026-1720 WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install_and_active_plugin' function in all versions up to, and including, 1.4.24. This...

CVSS 8.8, EPSS 0.00055
Exploits 0, References 3
Positive Technologies
added 2026/03/05 12:0 a.m., 4 views

PT-2026-23448

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'install and active plugin' function in all versions up to, and including, 1.4.24...

CVSS 8.8, AI score 6, EPSS 0.00055
Exploits 0, References 4
RedhatCVE
added 2026/02/28 7:47 a.m., 5 views

CVE-2025-14149

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4, AI score 6.1, EPSS 0.00014
Exploits 0, References 1
EUVD
added 2026/02/27 9:30 a.m., 4 views

EUVD-2025-208127

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4, AI score 6, EPSS 0.00014
Exploits 0, References 3
NVD
added 2026/02/27 7:17 a.m., 1 view

CVE-2025-14149

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4, EPSS 0.00014
Exploits 0, References 2
Vulnrichment
added 2026/02/27 6:43 a.m., 3 views

CVE-2025-14149 Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4, AI score 6, EPSS 0.00014
Exploits 0, References 2
Cvelist
added 2026/02/27 6:43 a.m., 16 views

CVE-2025-14149 Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4, EPSS 0.00014
Exploits 0, References 2
Positive Technologies
added 2026/02/27 12:0 a.m., 3 views

PT-2026-22307

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link attribute in all versions up to, and including, 1.4.24 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4, AI score 6, EPSS 0.00014
Exploits 0, References 3
Patchstack
added 2025/09/03 3:16 p.m., 4 views

WordPress Support Genix Plugin <= 1.4.23 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Support Genix versions <= 1.4.23...

CVSS 5.3, AI score 6.7, EPSS 0.00058
Exploits 0, Affected Software 1
OSV
added 2024/03/21 10:15 p.m., 1 view

CVE-2024-24272

An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret...

CVSS 7.1, AI score 5.8, EPSS 0.00071
Exploits 1, References 1
CNNVD
added 2024/03/21 12:0 a.m., 2 views

iTop DualSafe Password Manager & Digital Vault security vulnerability

iTop DualSafe Password Manager & Digital Vault is a password manager extension from iTop Inc. A security vulnerability exists in iTop DualSafe Password Manager & Digital Vault versions prior to 1.4.24, which originated from a vulnerability that allows a local attacker to gain access to sensitive...

CVSS 7.1, AI score 6.5, EPSS 0.00071
Exploits 1, References 2
OSV
added 2023/09/21 7:15 a.m., 1 view

CVE-2023-4291

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device...

CVSS 9.8, AI score 6.3, EPSS 0.00716
Exploits 0, References 1
CNNVD
added 2023/09/21 12:0 a.m., 1 view

Frauscher Sensortechnik FDS101 v1.4.24 Code Injection Vulnerability

Frauscher Sensortechnik FDS101 is a diagnostic system device from Frauscher. A code injection vulnerability exists in Frauscher Sensortechnik FDS101 v1.4.24, which stems from the presence of a remote code execution (RCE) vulnerability...

CVSS 9.8, AI score 8.4, EPSS 0.00716
Exploits 0, References 2