WordPress Sky Addons for Elementor plugin <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Content Switcher Widget Elementor Template vulnerability discovered by Nishiv in WordPress Plugin Sky Addons for Elementor versions = 2.6.1...

WordPress Sky Addons for Elementor plugin <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin Sky Addons for Elementor versions = 2.6.2...

WordPress Sky Addons for Elementor plugin <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update vulnerability

Cross-Site Request Forgery to Limited Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin Sky Addons for Elementor versions = 2.6.1...

CVE-2024-9542

The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-leve...

CVE-2024-9542

The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-leve...

CVE-2024-9542

The CVE-2024-9542 entry concerns the WordPress plugin Sky Addons for Elementor. The vulnerability exists in all versions up to and including 2.6.1 and is triggered by the render function in modules/content-switcher/widgets/content-switcher.php. It permits authenticated attackers with Contributor-...

CVE-2024-10696

CVE-2024-10696 affects UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode) for WordPress. Versions

CVE-2024-10696 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...

CVE-2024-10696 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...

WordPress plugin Sky Addons for Elementor 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

WordPress Sky Addons for Elementor Plugin <= 2.6.1 is vulnerable to Sensitive Data Exposure

Software Sky Addons for Elementor Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-9542 Patch priority Low CVSS severity Low 4.3 Developer Shahidul Islam PSID d2ce76706206 Credits Nishiv Required...

WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Absolute Addons For Elementor versions = 1.0.14...

CVE-2024-10365

Summary: CVE-2024-10365 affects The Plus Addons for Elementor (WordPress plugin) up to version 6.0.3 and causes Sensitive Information Exposure via the render function used by multiple widgets (e.g., tp_carousel_anything.php, tp_page_scroll.php). Impact: authenticated attackers with Contributor-le...

CVE-2024-10365 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tpcarouselanything.php,...

WordPress Absolute Addons For Elementor Plugin <= 1.0.14 is vulnerable to Local File Inclusion

Software Absolute Addons For Elementor Type Plugin Vulnerable versions = 1.0.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-52496 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 8fa5adc3e92a Credits João Pedro S Alcântara Kinort...

WordPress plugin The Plus Addons for Elementor 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

CVE-2024-30424

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Stored XSS.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.4...

CVE-2024-30424

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM wpzoom-addons-for-beaver-builder allows Stored XSS.This issue affects Beaver Builder Addons by WPZOOM: from n/a through = 1.3.4...

CVE-2024-30424

CVE-2024-30424 corresponds to a Stored XSS in the WPZOOM Beaver Builder Addons for WordPress, affecting versions up to 1.3.4. The Red Hat/NVD entries and multiple sources consistently identify the root cause as insufficient input sanitization and output escaping in the Heading widget, enabling au...

WordPress The Plus Addons for Elementor plugin <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Elementor Templates vulnerability discovered by Ankit Patel in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.0.3...