WordPress Cowidgets – Elementor Addons plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Cowidgets – Elementor Addons versions = 1.2.0...

WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Devnex Addons For Elementor versions = 1.0.9...

WordPress Best Addons for Elementor plugin <=1.0.5 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Best Addons for Elementor versions = 1.0.5...

CVE-2024-52496

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through = 1.0.14...

CVE-2024-52496

CVE-2024-52496 concerns WordPress plugin Absolute Addons For Elementor (1.0.14.

CVE-2024-52496 WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through = 1.0.14...

CVE-2024-52496 WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through = 1.0.14...

CVE-2024-10798 Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers,...

CVE-2024-10493

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the...

CVE-2024-10493

The CVE-2024-10493 affects Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) for WordPress prior to 5.10.3. It stems from insufficient validation/escaping of certain block options, allowing Stored XSS by users with contributor+ permissions w...

WordPress plugin Absolute Addons For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Royal Elementor Addons and Templates 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-16557 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.7.1003 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts...

WordPress plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2024-35337 · Elementor · Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Absolute Addons For Elementor versions 1.0.14 and earlier Description: The issue is related to improper control of filenames for include/require statements in PHP programs, also known as PHP Remote File Inclusion. This allows for Local Code...

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.7.1003...

Malicious code in web-framework-addons (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5274032fc0a53368c86dc7ddfbf044a3eaf831203e6b9f1df908fa32ba29050c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11017 Malicious code in web-framework-addons (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5274032fc0a53368c86dc7ddfbf044a3eaf831203e6b9f1df908fa32ba29050c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

WordPress Royal Elementor Addons Plugin <= 1.7.1003 is vulnerable to Broken Access Control

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.7.1003 Fixed in 1.7.1004 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10798 Patch priority Low CVSS severity Low 4.3 Developer WProyal PSID d20124b7cf36 Credits...

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Form Builder Widget vulnerability discovered by zer0gh0st in WordPress Plugin Royal Elementor Addons versions = 1.7.1001...