7293 matches found
WordPress Element Pack Elementor Addons plugin <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read vulnerability
Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions = 5.7.2...
WordPress Element Pack Elementor Addons Plugin <= 5.7.2 is vulnerable to Arbitrary File Download
Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.7.2 Fixed in 5.7.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Arbitrary File Download CVE CVE-2024-4359 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID da58af1324ba Credits Webbernaut...
PT-2024-30602 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.7.2 Description: The issue allows authenticated attackers with contributor-level access and above to read the contents of arbitrary files on the server,...
WordPress Element Pack Elementor Addons Plugin <= 5.7.6 is vulnerable to Cross Site Scripting (XSS)
Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.7.6 Fixed in 5.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4360 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b1a260751a26 Credits Ngô Thiên ...
WordPress Enter Addons Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)
Software Enter Addons Type Plugin Vulnerable versions = 2.1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43225 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f8faf3c8e7a9 Credits Michael Required privilege Contributor...
PT-2024-30603 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.7.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping o...
CVE-2024-6824
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...
CVE-2024-6824
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...
CVE-2024-6824 Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...
CVE-2024-6824
CVE-2024-6824 affects Premium Addons for Elementor (WordPress). A missing capability check in check_temp_validity and update_template_title across all versions up to 4.10.38 allows authenticated attackers with Contributor-level access and above to delete arbitrary content and modify post/page tit...
WordPress Premium Addons for Elementor plugin <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Content Deletion and Arbitrary Title Update vulnerability discovered by stealthcopter in WordPress Plugin Premium Addons for Elementor versions = 4.10.38...
WordPress Premium Addons for Elementor Plugin <= 4.10.38 is vulnerable to Broken Access Control
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.38 Fixed in 4.10.39 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6824 Patch priority Low CVSS severity Low 4.3 Developer LeapWorx PSID 316a5e4aa224 Credits stealthcopter Requir...
WordPress plugin Premium Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exists in...
PT-2024-37888 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.38 Description: The issue is related to a missing capability check on the check temp validity and update template title functions. This allows authenticated...
WordPress Ultimate Addons for Beaver Builder – Lite plugin <= 1.5.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.9...
WordPress Xpro Elementor Addons plugin <= 1.4.4.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Xpro Elementor Addons versions = 1.4.4.2...
Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities
Upstream kernel version 6.6.43 fix bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
WordPress Xpro Elementor Addons Plugin <= 1.4.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Xpro Elementor Addons Type Plugin Vulnerable versions = 1.4.4.2 Fixed in 1.4.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43150 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 53be3ecd3562 Credits Khalid Yusuf Required...
WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Addons for Beaver Builder – Lite Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.5.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43151 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a2ad79bb3d87 Credits Khalid Yusu...
CVE-2024-4643
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘endredirectlink’ parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output...