Lucene search
K

203 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:59 a.m.8 views

CVE-2024-1422

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5.8AI score0.005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.6 views

CVE-2024-7122

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:25 a.m.5 views

CVE-2024-4570

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:25 a.m.4 views

CVE-2024-4569

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:23 a.m.5 views

CVE-2024-3743

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. Th...

6.4CVSS6AI score0.00572EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:17 a.m.4 views

CVE-2024-30422

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.This issue affects Elementor Addon Elements: from n/a through = 1.13.1...

6.5CVSS7.2AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.5 views

CVE-2024-47361

Missing Authorization vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.This issue affects Elementor Addon Elements: from n/a through = 1.13.6...

8.8CVSS5.9AI score0.00433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.6 views

CVE-2024-1392

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4CVSS5AI score0.00509EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:26 a.m.11 views

CVE-2024-0834

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linkto parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

6.4CVSS5.8AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:5 a.m.9 views

CVE-2024-13215

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS4.3AI score0.00503EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:47 a.m.11 views

CVE-2023-4723

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajaxeaepostdata function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of wit...

5.3CVSS6.8AI score0.00927EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:38 a.m.4 views

CVE-2023-5381

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS6AI score0.00496EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:23 p.m.9 views

CVE-2021-24259

The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

5.4CVSS5.6AI score0.0059EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/02/19 12:0 a.m.10 views

WordPress Elementor Addon Elements Plugin < 1.12.12 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webtechstreet:elementoraddonelements"; ifdescription...

6.4CVSS6.3AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:29 a.m.17 views

CVE-2024-1358

The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...

8.8CVSS6.6AI score0.01235EPSS
Exploits0References1
OSV
OSV
added 2025/01/15 1:15 p.m.5 views

CVE-2024-13215

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS7.3AI score0.00503EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/15 12:44 p.m.27 views

CVE-2024-13215 Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS0.00503EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/15 12:44 p.m.11 views

CVE-2024-13215 Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS4.4AI score0.00503EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/15 7:17 a.m.6 views

WordPress Elementor Addon Elements plugin <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Modal Popup vulnerability discovered by Ankit Patel in WordPress Plugin Elementor Addon Elements versions = 1.13.10...

4.3CVSS7AI score0.00503EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.4 views

WordPress plugin Elementor Addon Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

4.3CVSS8.2AI score0.00503EPSS
Exploits0References4
Rows per page
Query Builder