Lucene search
K

7293 matches found

Cvelist
Cvelist
added 2024/07/12 12:46 p.m.26 views

CVE-2024-6495 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00311EPSS
Exploits0References2
CVE
CVE
added 2024/07/12 12:46 p.m.50 views

CVE-2024-6495

CVE-2024-6495 refers to a Stored DOM-based Cross-Site Scripting vulnerability in the Premium Addons for Elementor WordPress plugin (versions up to 4.10.36) due to insufficient input sanitization and output escaping in the Animated Text widget. Exploitation requires authenticated access (contribut...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/12 12:46 p.m.12 views

CVE-2024-6495 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00311EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/12 6:55 a.m.5 views

WordPress Premium Addons for Elementor plugin <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Animated Text Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.36...

6.4CVSS6.1AI score0.00311EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/07/12 12:0 a.m.2 views

WordPress plugin Premium Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exists in th...

6.4CVSS6.5AI score0.00311EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/07/11 12:27 p.m.5 views

WordPress Magical Addons For Elementor plugin <= 1.1.41 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Magical Addons For Elementor versions = 1.1.41...

6.4CVSS7AI score0.0021EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/11 10:39 a.m.2 views

WordPress Master Addons for Elementor plugin <= 2.0.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Master Addons for Elementor versions = 2.0.6.2...

5.9CVSS6.1AI score0.0026EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/11 10:25 a.m.4 views

WordPress ElementInvader Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin ElementInvader Addons for Elementor versions = 1.2.4...

6.5CVSS6.1AI score0.00261EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/11 12:0 a.m.8 views

WordPress Magical Addons For Elementor Plugin <= 1.1.41 is vulnerable to Server Side Request Forgery (SSRF)

Software Magical Addons For Elementor Type Plugin Vulnerable versions = 1.1.41 Fixed in 1.1.42 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-38730 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID fde356989d5f...

6.4CVSS6.7AI score0.0021EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/11 12:0 a.m.11 views

WordPress ElementInvader Addons for Elementor Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software ElementInvader Addons for Elementor Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38705 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 746db74502e1 Credits Michael Required...

6.5CVSS6.6AI score0.00261EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/10 2:58 p.m.3 views

WordPress Sky Addons for Elementor plugin <= 2.5.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Sky Addons for Elementor versions = 2.5.5...

6.5CVSS6.1AI score0.0032EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/10 2:37 p.m.4 views

WordPress Magical Addons For Elementor plugin <= 1.1.41 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SouzaZinn Patchstack Alliance in WordPress Plugin Magical Addons For Elementor versions = 1.1.41...

6.5CVSS6.1AI score0.00317EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/10 8:30 a.m.5 views

WordPress WPBITS Addons For Elementor plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.5...

6.5CVSS5.8AI score0.0016EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/10 2:2 a.m.14 views

CVE-2024-4866 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input...

6.4CVSS6.1AI score0.00366EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.4 views

PT-2024-33179 · WordPress · Ultraaddons

Name of the Vulnerable Software and Affected Versions: UltraAddons – Elementor Addons plugin for WordPress versions up to, and including, 1.1.6 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00366EPSS
Exploits0References11
Patchstack
Patchstack
added 2024/07/10 12:0 a.m.12 views

WordPress SKT Addons for Elementor Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)

Software SKT Addons for Elementor Type Plugin Vulnerable versions = 3.1 Fixed in 3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38674 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 02254511f638 Credits 4rCanJ0x! Required privilege...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/10 12:0 a.m.10 views

WordPress Magical Addons For Elementor Plugin <= 1.1.41 is vulnerable to Cross Site Scripting (XSS)

Software Magical Addons For Elementor Type Plugin Vulnerable versions = 1.1.41 Fixed in 1.1.42 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38681 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3c7be40ba089 Credits SouzaZinn Required...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/10 12:0 a.m.13 views

WordPress Sky Addons for Elementor Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Sky Addons for Elementor Type Plugin Vulnerable versions = 2.5.5 Fixed in 2.5.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-38687 Patch priority Low CVSS severity Low 6.5 Developer Shahidul Islam PSID d7729ac64aec Credits Khalid Yusuf Required privileg...

6.5CVSS6.6AI score0.0032EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/10 12:0 a.m.10 views

WordPress WPBITS Addons For Elementor Page Builder Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software WPBITS Addons For Elementor Page Builder Type Plugin Vulnerable versions = 1.5 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37945 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6f6499d9aa17 Credits Michael Require...

6.5AI score0.0016EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/07/09 1:15 p.m.24 views

CVE-2024-37520

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through = 2.1.12...

8.8CVSS0.00577EPSS
Exploits0References2
Rows per page
Query Builder