Malicious code in addons-pm (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-11829

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchablelabel parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitizati...

CVE-2024-11829

CVE-2024-11829 — The Plus Addons for Elementor Page Builder (WordPress) is affected by a Stored Cross-Site Scripting (XSS) via the Table Widget’s searchable_label parameter in all versions up to and including 6.1.8. An attacker with Contributor-level access or higher can inject arbitrary scripts ...

CVE-2024-11829 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchablelabel parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitizati...

CVE-2024-11829 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchablelabel parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitizati...

CVE-2024-13547

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-13547 aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-13547

Summary (CVE-2024-13547): The WordPress plugin aThemes Addons for Elementor is affected by a Stored Cross-Site Scripting (Stored XSS) in the Image Accordion widget. The flaw exists in all versions up to and including 1.0.12 due to insufficient input sanitization and output escaping. An attacker w...

CVE-2024-13547 aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin aThemes Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress aThemes Addons for Elementor plugin <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nishiv in WordPress Plugin aThemes Addons for Elementor versions = 1.0.12...

MGASA-2025-0030 Updated kernel, kmod-virtualbox, kmod-xtables-addons & dwarves packages fix security vulnerabilities

Upstream kernel version 6.6.74 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...

WordPress ThemeREX Addons plugin <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data vulnerability

Unauthenticated Arbitrary File Upload in trxaddonsuploadssavedata vulnerability discovered by Tonn in WordPress Plugin ThemeREX Addons versions = 2.32.3...

CVE-2024-13448

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVE-2024-13448

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVE-2024-13448 ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVE-2024-13448 ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trxaddonsuploadssavedata' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVE-2024-13448

CVE-2024-13448 affects the ThemeREX Addons WordPress plugin via arbitrary file uploads due to missing file type validation in trx_addons_uploads_save_data, affecting all versions up to 2.32.3. Unauthenticated upload could lead to remote code execution. Red Hat and other sources indicate remediati...

WordPress plugin ThemeREX Addons 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue exists in...