CVE-2024-2185 Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Plugin JetWidgets For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin Beaver Builder Addons by WPZOOM 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress...

PT-2024-18864 · WordPress · Jetwidgets For Elementor

Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor plugin for WordPress versions up to, and including, 1.0.15 Description: The issue is related to Stored Cross-Site Scripting via the Animated Box widget due to insufficient input sanitization and output escaping. This...

The vulnerability of the ctts_box_read() function on the GPAC multimedia platform allows a intruder to trigger a service failure.

The vulnerability of the cttsboxread function on the GPAC multimedia platform is related to resource release errors. Exploiting this vulnerability could allow a hacker to cause a service failure...

Element Pack Elementor Addons < 5.5.4 - Contributor+ Stored XSS via Trailer Box Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘elementpackwrapperlink’ attribute of the Trailer Box widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

The vulnerability of the extract() function in Outdoorbits Little-Backup-Box software, which allows a hacker to execute arbitrary code.

The vulnerability of the extract function in image and multimedia file backup software from Outdoorbits Little-Backup-Box is related to insufficient data authenticity checking. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVE-2024-1428

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementpackwrapperlink’ attribute of the Trailer Box widget in all versions up...

WordPress Plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-18038 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.5.3 Description: The issue is related to Stored Cross-Site Scripting via the element pack wrapper link attribute of the Trailer Box widget due to...

WordPress Modal Popup Box plugin <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode vulnerability

Authenticated Contributor+ PHP Object Injection in awlmodalpopupboxshortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Modal Popup Box versions = 1.5.2...

Jeg Elementor Kit < 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box

Description The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

PT-2024-18565 · WordPress · The Modal Popup Box – Popup Builder

Name of the Vulnerable Software and Affected Versions: The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with contributor-level access and above to inject a PHP Object...

WordPress Modal Popup Box Plugin <= 1.5.2 is vulnerable to PHP Object Injection

Software Modal Popup Box Type Plugin Vulnerable versions = 1.5.2 Fixed in 1.5.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2008 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 963c409562cd Credits Francesco Carlucci Required privilege...

WordPress Plugin Modal Popup Box 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Jeg Elementor Kit plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box andTestimonial vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Box andTestimonial vulnerability discovered by Nikolas in WordPress Plugin Jeg Elementor Kit versions = 2.6.3...

CVE-2024-1327

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-lev...

CVE-2024-1327

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-lev...

WordPress Plugin Jeg Elementor Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

The vulnerability of the box_add() function in the virtuoso-opensource web application development platform allows a hacker to trigger a service failure.

The vulnerability of the boxadd function in the virtuoso-opensource web application development platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures after executing the SELECT operator...