PT-2024-35910 · Unknown · Themesflat Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor versions prior to 2.2.3 is not mentioned, however, the version 2.2.2 is mentioned as affected, so we can say Themesflat Addons For Elementor versions through 2.2.2 Description: The issue is related to an Improp...

PT-2024-17445 · WordPress · Gold Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Gold Addons for Elementor plugin for WordPress versions up to, and including, 1.3.2 Description: The issue allows unauthorized modification of data due to a missing capability check on the activate and deactivate functions. This makes it...

WordPress News Kit Elementor Addons plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab in WordPress Plugin News Kit Elementor Addons versions = 1.4.2...

PT-2024-36090 · Unknown · Noor Alam Magical Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Noor alam Magical Addons For Elementor versions 1.2.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker...

WordPress Xpro Addons For Elementor plugin <= 1.4.6.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Xpro Elementor Addons versions = 1.4.6.5...

WordPress ABCBiz Addons and Templates for Elementor plugin <= 2.0.2 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin ABCBiz Addons and Templates for Elementor versions = 2.0.2...

WordPress Unlock Addons for Elementor plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab in WordPress Plugin Unlock Addons for Elementor versions = 2.2.3...

WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin ElementsReady Addons for Elementor versions = 6.4.7...

CVE-2024-10663 Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission

The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbyeformcallback function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...

PT-2024-17362 · WordPress · Classic Addons – Wpbakery Page Builder

Name of the Vulnerable Software and Affected Versions: Classic Addons – WPBakery Page Builder plugin for WordPress versions up to, and including, 3.0 Description: The issue allows authenticated attackers with Contributor-level access and above, and permissions granted by an Administrator, to...

WordPress plugin Classic Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-39340 · WordPress · Wpbits Addons For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: WPBITS Addons For Elementor Page Builder plugin for WordPress versions up to, and including, 1.5.2 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escapin...

WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.5.2...

WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission vulnerability

Missing Authorization to Authenticated Subscriber+ Deactivation Submission vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Eleblog – Elementor Blog And Magazine Addons versions = 1.8...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.5 fixed: IMAP could crash when reading cached messages fixed: Enabling "Show Folder Size" on Maildir profile could render Thunderbird unusable fixed: Messages corrupted by folder compaction were only fixed by...

CVE-2024-9058 Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...

WordPress plugin Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin Element Pack Elementor Addons Header Foote...

PT-2024-39394 · Elementor · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: Element Pack Elementor Addons versions up to 5.10.5 Description: The issue is related to stored cross-site scripting via the Lightbox widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

WordPress Element Pack Elementor Addons plugin <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Lightbox Widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.5...

WordPress Magical Addons For Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Magical Addons For Elementor versions = 1.3.6...