7293 matches found
WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementsReady Addons for Elementor versions = 6.4.3...
PT-2024-33389 · Unknown · Anant Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Maan Addons For Elementor versions 1.0.1 and earlier Description: The issue involves improper control of the filename for include/require statements in PHP programs, also known as PHP Remote File Inclusion. This allows for Local Code Inclusio...
WordPress plugin Premium Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-39637 · WordPress · Elementsready Addons For Elementor
Name of the Vulnerable Software and Affected Versions: ElementsReady Addons for Elementor plugin for WordPress versions up to, and including, 6.4.3 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. Thi...
WordPress Royal Elementor Addons Plugin <= 1.3.986 is vulnerable to Sensitive Data Exposure
Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.986 Fixed in 1.3.987 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-7417 Patch priority Low CVSS severity Low 4.3 Developer WProyal PSID 4060f71c187f Credits stealthcopter Required...
WordPress plugin ElementInvader Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Kaswara Modern VC Addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Maan Addons For Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Essential Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin ElementsReady Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress ElementInvader Addons for Elementor plugin <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin ElementInvader Addons for Elementor versions = 1.2.8...
WordPress Themesflat Addons For Elementor plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin themesflat-addons-for-elementor versions = 2.2.0...
WordPress Exclusive Addons for Elementor plugin <= 2.7.1 - Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Exclusive Addons Elementor versions = 2.7.1...
WordPress Themesflat Addons For Elementor Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Themesflat Addons For Elementor Type Plugin Vulnerable versions = 2.2.0 Fixed in 2.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49310 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 559ccc1edd02 Credits João Pedro S Alcântara...
WordPress ElementInvader Addons for Elementor Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)
Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.8 Fixed in 1.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9888 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2293b37c11ea Credits Coli...
VulnCheck KEV: CVE-2021-4448
The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...
WordPress Exclusive Addons Elementor Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
Software Exclusive Addons Elementor Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49292 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 98088c8c1037 Credits Robert DeVore Required...
VulnCheck KEV: CVE-2021-4446
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...
PT-2024-11041 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor versions up to, and including, 4.5.1 Premium Addons for Elementor versions prior to 2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c Description: The issue is due to missing capability and nonce checks in the pa dismiss admin...
VulnCheck KEV: CVE-2021-4445
The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the padismissadminnotice AJAX action. This makes it possible for authenticated subscriber+ attackers to...