26 matches found
CVE-2025-31046
Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29...
CVE-2025-31046
Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29...
CVE-2025-31046
CVE-2025-31046 affects the WordPress plugin WPvibes AnyWhere Elementor Pro up to version 2.29. The issue is a Missing Authorization / Broken Access Control vulnerability, allowing exploitation due to incorrectly configured access control security levels. Public sources in connected documents cons...
CVE-2025-31046 WordPress AnyWhere Elementor Pro plugin <= 2.29 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29...
CVE-2025-31046 WordPress AnyWhere Elementor Pro plugin <= 2.29 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29...
WordPress plugin AnyWhere Elementor Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-1263
Name of the Vulnerable Software and Affected Versions WPvibes AnyWhere Elementor Pro versions through 2.29 Description An authorization issue exists in WPvibes AnyWhere Elementor Pro, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update WPvibe...
EUVD-2023-12497
Malicious code in bioql PyPI...
WordPress AnyWhere Elementor Pro plugin <= 2.29 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Theme AnyWhere Elementor Pro versions = 2.29...
WordPress AnyWhere Elementor Pro Theme <= 2.29 is vulnerable to Broken Access Control
Software AnyWhere Elementor Pro Type Theme Vulnerable versions = 2.29 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-31046 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 628f90def353 Credits Anhchangmutrang Required...
CVE-2024-10777
The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERTELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
CVE-2024-10777 AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure
The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERTELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
CVE-2024-10777
CVE-2024-10777 (AnyWhere Elementor
WordPress plugin AnyWhere Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-16536 · WordPress · Anywhere Elementor
Name of the Vulnerable Software and Affected Versions: AnyWhere Elementor plugin for WordPress versions up to, and including, 1.2.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor that...
WordPress AnyWhere Elementor plugin <= 1.2.11 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin AnyWhere Elementor versions = 1.2.11...
WordPress AnyWhere Elementor Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software AnyWhere Elementor Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer WPVibes PSID 929510fc606c Credits Rafie Muhammad Patchstack Required...
CVE-2023-0443
The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked...
CVE-2023-0443 AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure
The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked...
CVE-2023-0443
The CVE-2023-0443 entry concerns the AnyWhere Elementor WordPress plugin before version 1.2.8 which disclosed a Freemius Secret Key. According to sources (NVD/Red Hat/Patchstack/Wordfence), this key could be misused to purchase the Pro subscription using test credit card numbers without payment; ...