PT-2024-18484 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12 Description: The issue is related to Stored Cross-Site Scripting via the plugin's IHover widget link due to insufficient input sanitization and output escaping on...

PT-2024-19368 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12 Description: The issue is related to Stored Cross-Site Scripting via the Global Badge module due to insufficient input sanitization and output escaping. This allows...

WordPress Plugin Premium Addons PRO Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-19383 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12 Description: The issue is related to Stored Cross-Site Scripting via the Premium Magic Scroll module due to insufficient input sanitization and output escaping. Thi...

PT-2024-18488 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the navigation dots parameter of the...

WordPress Plugin Premium Addons PRO Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-18485 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the premium fbchat app id parameter o...

WordPress Premium Addons PRO Plugin <= 2.9.12 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.12 Fixed in 2.9.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d43c6fdfdb0b Credits wesley wcraft...

Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module

Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget

Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2023-37868

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0...

Design/Logic Flaw

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0...

CVE-2023-37868 WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0...

CVE-2023-37868

CVE-2023-37868 concerns WordPress Premium Addons PRO (Leap13 Premium Addons PRO). Affected: Premium Addons PRO versions up to and including 2.9.0. Description: Exposure of sensitive information to an unauthorized actor. Root cause/source indicates information disclosure vulnerability in the plugi...

PT-2023-26149 · Unknown · Leap13 Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Leap13 Premium Addons PRO versions 2.9.0 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not...

CVE-2023-41236

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Happy addons Happy Elementor Addons Pro plugin = 2.8.0 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Happy addons Happy Elementor Addons Pro plugin = 2.8.0 versions...

CVE-2023-41236

CVE-2023-41236 affects Happy Elementor Addons Pro (WordPress) up to version 2.8.0, exposing unauthenticated reflected XSS. Patchstack assigns CVSS v3.1 vectors and basescore 7.1 (HIGH) with network access and user interaction required. Affected product: Happy Elementor Addons Pro; vulnerability t...

WordPress Happy Elementor Addons Pro Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Happy Elementor Addons Pro Type Plugin Vulnerable versions = 2.8.0 Fixed in 2.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41236 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1e3539666fdb Credits Rafie...

WordPress Premium Addons PRO Plugin <= 2.9.0 is vulnerable to Sensitive Data Exposure

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.0 Fixed in 2.9.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-37868 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 61bc62d7d465 Credits Rafie Muhammad...