Lucene search
K

7293 matches found

Cvelist
Cvelist
added 2024/10/16 1:27 p.m.23 views

CVE-2024-49251 WordPress Maan Addons For Elementor plugin <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acnoo Maan Addons For Elementor maan-elementor-addons allows Local Code Inclusion.This issue affects Maan Addons For Elementor: from n/a through = 1.0.1...

7.5CVSS0.00555EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/16 1:27 p.m.22 views

CVE-2024-49251 WordPress Maan Addons For Elementor plugin <= 1.0.1 - Local File Inclusion vulnerability

: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Maantheme Maan Addons For Elementor allows Local Code Inclusion.This issue affects Maan Addons For Elementor: from n/a through 1.0.1...

7.5CVSS7.6AI score0.00555EPSS
Exploits0References1
OSV
OSV
added 2024/10/16 1:15 p.m.6 views

CVE-2024-49271

: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows : Command Injection.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a...

7.2CVSS5.8AI score0.01114EPSS
Exploits0References1
OSV
OSV
added 2024/10/16 10:15 a.m.2 views

CVE-2024-9444

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

5.4CVSS5.9AI score0.00302EPSS
Exploits0References4
NVD
NVD
added 2024/10/16 10:15 a.m.22 views

CVE-2024-9444

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS0.00302EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/16 9:32 a.m.18 views

CVE-2024-9444 ElementsReady Addons for Elementor <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS0.00302EPSS
Exploits0References4
OSV
OSV
added 2024/10/16 7:15 a.m.3 views

CVE-2021-4447

The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers wi...

8.8CVSS5.7AI score0.00444EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 7:15 a.m.3 views

CVE-2021-4445

The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the padismissadminnotice AJAX action. This makes it possible for authenticated subscriber+ attackers to...

4.3CVSS5.9AI score0.00385EPSS
Exploits1References5
OSV
OSV
added 2024/10/16 7:15 a.m.4 views

CVE-2021-4446

The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform...

4.3CVSS5.8AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2024/10/16 7:15 a.m.22 views

CVE-2021-4448

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS0.01342EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 7:15 a.m.5 views

CVE-2021-4448

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS5.9AI score0.01342EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/16 6:43 a.m.28 views

CVE-2021-4445 Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update

The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the padismissadminnotice AJAX action. This makes it possible for authenticated subscriber+ attackers to...

6.5CVSS0.00385EPSS
Exploits1References5
CVE
CVE
added 2024/10/16 6:43 a.m.62 views

CVE-2021-4445

The CVE-2021-4445 vulnerability affects the WordPress plugin Premium Addons for Elementor (versions up to and including 4.5.1). The root cause is missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action, allowing authenticated subscriber+ attackers to perform Arbitrary Optio...

6.5CVSS6.2AI score0.00385EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/16 6:43 a.m.12 views

CVE-2021-4448 Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

7.3CVSS7.2AI score0.01342EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/16 6:43 a.m.23 views

CVE-2021-4448 Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

7.3CVSS0.01342EPSS
Exploits0References2
CVE
CVE
added 2024/10/16 6:43 a.m.59 views

CVE-2021-4448

Summary (CVE-2021-4448) Kaswara Modern VC Addons for WordPress is affected up to version 3.0.1 by an authorization bypass due to insufficient capability checks on multiple AJAX actions. This allows unauthenticated attackers to perform unauthorized actions such as importing data and uploading or d...

9.8CVSS7.3AI score0.01342EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/16 6:43 a.m.14 views

CVE-2021-4446 Essential Addons for Elementor <= 4.6.4 - Missing Authorization

The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform...

6.3CVSS6.8AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2024/10/16 6:15 a.m.24 views

CVE-2024-9888

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

5.4CVSS0.00256EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 6:15 a.m.2 views

CVE-2024-9888

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

5.4CVSS5.9AI score0.00256EPSS
Exploits0References2
CVE
CVE
added 2024/10/16 5:31 a.m.49 views

CVE-2024-9888

The CVE-2024-9888 entry concerns the WordPress plugin ElementInvader Addons for Elementor. A Stored Cross-Site Scripting (XSS) vulnerability exists in the plugin’s contact form widget redirect URL due to insufficient input sanitization and output escaping on user-supplied attributes. Affected ver...

5.4CVSS5.3AI score0.00256EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder