CVE-2024-37520

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through = 2.1.12...

CVE-2024-25598

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.3...

CVE-2024-7092

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomoreitemstext’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output...

CVE-2024-43960

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.4.6...

CVE-2024-7247

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input...

CVE-2024-34547

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.34...

CVE-2024-34570

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.3...

CVE-2024-34764

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.15...

CVE-2024-25843

In the module "Import/Update Bulk Product from any Csv/Excel File Pro" baimporter up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions...

CVE-2024-1242

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-24831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through = 4.10.16...

CVE-2024-0838

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-0515

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the removefromcompare function. This makes it possible for unauthenticated attackers to...

CVE-2024-0513

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the removefromwishlist function. This makes it possible for unauthenticated attackers to...

CVE-2024-0514

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the addtocompare function. This makes it possible for unauthenticated attackers to add...

CVE-2024-0516

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wprupdateformactionmeta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update...

CVE-2024-0512

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the addtowishlist function. This makes it possible for unauthenticated attackers to add...

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" askforaquotemodul = 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods AskforaquotemodulcustomernewquoteModuleFrontController::ru...

CVE-2024-12852

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hacmctext' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

CVE-2024-5344

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping...