Lucene search
K

7293 matches found

Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.9 views

PT-2024-28125 · Unknown · Noor Alam Magical Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Noor alam Magical Addons For Elementor versions 1.1.41 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

6.5CVSS5.6AI score0.00317EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.6 views

PT-2024-28131

Name of the Vulnerable Software and Affected Versions Sky Addons for Elementor versions 2.5.5 and earlier Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations Fo...

6.5CVSS5.4AI score0.0032EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.6 views

PT-2024-27828 · Unknown · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor versions 4.10.34 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

6.5CVSS5.5AI score0.00263EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.4 views

PT-2024-28149 · Elementor · Elementinvader Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor versions 1.2.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

6.5CVSS5.6AI score0.00261EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/07/19 12:59 p.m.2 views

WordPress Livemesh Addons for Beaver Builder plugin <= 3.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Livemesh Addons for Beaver Builder versions = 3.6.1...

5.9CVSS6.1AI score0.0026EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/19 12:0 a.m.10 views

WordPress Livemesh Addons for Beaver Builder Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for Beaver Builder Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38784 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 43cde8d51b14 Credits João Pedro S Alcântar...

5.9CVSS6.6AI score0.0026EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/07/18 9:15 a.m.0 views

CVE-2024-5554

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclickevent’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and outp...

6.5CVSS6.1AI score0.00337EPSS
Exploits0References4
NVD
NVD
added 2024/07/18 9:15 a.m.24 views

CVE-2024-5554

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclickevent’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and outp...

6.4CVSS0.00337EPSS
Exploits0References3
NVD
NVD
added 2024/07/18 9:15 a.m.31 views

CVE-2024-5555

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and...

6.4CVSS0.00499EPSS
Exploits0References3
CVE
CVE
added 2024/07/18 8:33 a.m.38 views

CVE-2024-5555

CVE-2024-5555 affects the Element Pack Elementor Addons (bdthemes-element-pack-lite) up to version 5.6.5, due to Stored XSS in the social-link-title parameter. The issue requires Contributor+ privileges and can cause arbitrary scripts to run when affected pages are viewed. Connected sources confi...

6.4CVSS6AI score0.00499EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/18 8:33 a.m.15 views

CVE-2024-5555 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and...

6.4CVSS5.9AI score0.00499EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/18 8:33 a.m.18 views

CVE-2024-5554 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclickevent’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and outp...

6.4CVSS0.00337EPSS
Exploits0References3
CVE
CVE
added 2024/07/18 8:33 a.m.36 views

CVE-2024-5554

CVE-2024-5554 affects the WordPress plugin Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). The vulnerability is a Stored Cross-Site Scripting via the onclick_event parameter in all versions up to and including 5.6.11, caused by insufficient...

6.4CVSS6.1AI score0.00337EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.3 views

PT-2024-36543 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.11 Description: The issue is related to Stored Cross-Site Scripting via the onclick event parameter due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00337EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/07/18 12:0 a.m.13 views

WordPress Element Pack Elementor Addons Plugin <= 5.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.6.5 Fixed in 5.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5555 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f61d9ad47cc9 Credits João Pedro...

6.4CVSS5.8AI score0.00499EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.6 views

PT-2024-36549 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.5 Description: The issue is related to Stored Cross-Site Scripting via the social-link-title parameter due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00499EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/07/18 12:0 a.m.23 views

WordPress Elements kit Elementor addons Plugin <= 3.2.0 is vulnerable to Sensitive Data Exposure

Software Elements kit Elementor addons Type Plugin Vulnerable versions = 3.2.0 Fixed in 3.2.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6455 Patch priority Low CVSS severity Low 5.3 Developer Wpmet PSID b000113e05e5 Credits stealthcopter Required...

5.3CVSS6.6AI score0.00396EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/07/17 7:15 a.m.4 views

CVE-2024-5252

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6.1AI score0.00297EPSS
Exploits0References3
OSV
OSV
added 2024/07/17 7:15 a.m.4 views

CVE-2024-5252

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS6AI score0.00297EPSS
Exploits0References2
NVD
NVD
added 2024/07/17 7:15 a.m.32 views

CVE-2024-5251

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS0.00295EPSS
Exploits0References2
Rows per page
Query Builder