PT-2024-36760 · Leap13 · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor versions prior to 4.10.57 Description: The issue is related to a missing authorization vulnerability in the Leap13 Premium Addons for Elementor, which allows accessing functionality not properly constrained by...

WordPress Move Addons for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Move Addons for Elementor versions = 1.3.6...

WordPress Enter Addons plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Enter Addons versions = 2.1.9...

WordPress Elementor Header & Footer Builder plugin <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Page Title Widget vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.46...

WordPress Element Pack Elementor Addons plugin <= 5.10.12 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by WordFence in WordPress Plugin Element Pack Elementor Addons versions = 5.10.12...

CVE-2024-11852

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getlayouts function in all versions up to, and including, 5.10.12. This makes it...

CVE-2024-11852

CVE-2024-11852 affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress. The root cause is a missing capability check in the get_layouts() function, present in all versions up to and including 5.10.12. This allows a...

CVE-2024-11852 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getlayouts function in all versions up to, and including, 5.10.12. This makes it...

CVE-2024-11852 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getlayouts function in all versions up to, and including, 5.10.12. This makes it...

WordPress plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Royal Elementor Addons versions = 1.7.1001...

WordPress Royal Elementor Addons plugin <= 1.7.1001 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Royal Elementor Addons versions = 1.7.1001...

WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Premium Addons for Elementor versions = 4.10.56...

WordPress WPMozo Addons Lite for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin WPMozo Addons Lite for Elementor versions = 1.2.0...

WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 2.3.0...

WordPress Essential Addons for Elementor plugin <= 6.0.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Essential Addons for Elementor versions = 6.0.7...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.987 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Royal Elementor Addons versions = 1.3.987...

CVE-2024-12340

The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with...

CVE-2024-12340 Animation Addons for Elementor <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template

The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with...

WordPress Animation Addons for Elementor plugin <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template vulnerability discovered by Ankit Patel in WordPress Plugin Animation Addons for Elementor versions = 1.1.6...