CVE-2024-9867 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' markercontent parameter in all versions up to, and including, 5.10.2 due to insufficient input...

CVE-2024-9867

CVE-2024-9867 affects the Element Pack Elementor Addons for WordPress (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). It is a stored cross-site scripting vulnerability via the Open Map Widget’s marker_content parameter in all versions up to 5.10.2, caused by insufficien...

CVE-2024-9867 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' markercontent parameter in all versions up to, and including, 5.10.2 due to insufficient input...

CVE-2024-9657 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output...

CVE-2024-9657 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output...

WordPress Element Pack Elementor Addons plugin <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions = 5.10.2...

WordPress Xpro Addons For Elementor plugin <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Elementor Template vulnerability discovered by Ankit Patel in WordPress Plugin Xpro Elementor Addons versions = 1.4.6...

WordPress plugin Element Pack Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin 140+ Widgets | Xpro Addons For Elementor – FREE 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin 140+ Widgets | Xpro...

WordPress Element Pack Elementor Addons Plugin <= 5.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.10.2 Fixed in 5.10.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9657 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff0e5049a Credits Webberna...

WordPress Xpro Elementor Addons Plugin <= 1.4.6 is vulnerable to Sensitive Data Exposure

Software Xpro Elementor Addons Type Plugin Vulnerable versions = 1.4.6 Fixed in 1.4.6.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10319 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0357e93460dd Credits Ankit Patel...

WordPress plugin Element Pack Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin ElementsReady Addons for Elementor versions = 6.4.3...

CVE-2024-51680

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CrestaProject – Rizzo Andrea Cresta Addons for Elementor allows Stored XSS.This issue affects Cresta Addons for Elementor: from n/a through 1.0.9...

CVE-2024-51665

Server-Side Request Forgery SSRF vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through = 1.2.1...

CVE-2024-51665

Server-Side Request Forgery SSRF vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through 1.2.1...

CVE-2024-51680

CVE-2024-51680 : Stored XSS in Cresta Addons for Elementor (WordPress plugin)

CVE-2024-51680 WordPress Cresta Addons for Elementor plugin <= 1.0.9 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Cresta Addons for Elementor cresta-addons-for-elementor allows Stored XSS.This issue affects Cresta Addons for Elementor: from n/a through = 1.0.9...

CVE-2024-51680 WordPress Cresta Addons for Elementor plugin <= 1.0.9 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Cresta Addons for Elementor cresta-addons-for-elementor allows Stored XSS.This issue affects Cresta Addons for Elementor: from n/a through = 1.0.9...

CVE-2024-51665 WordPress Magical Addons For Elementor plugin <= 1.2.1 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through = 1.2.1...