84 matches found
PT-2024-18853 · WordPress · Move Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor plugin for WordPress versions up to, and including, 1.2.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's infobox and button widget due to insufficient input sanitization and output...
CVE-2024-1392
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
Cross site scripting
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2024-1392 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
PT-2024-18004 · WordPress · Elementor Addon Elements
Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 Description: The issue is related to Stored Cross-Site Scripting via the button1 icon attribute of the Dual Button widget due to insufficient input...
WordPress Plugin Elementor Addon Elements Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin PowerPack Addons for Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
Elementor Addon Elements < 1.13 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrar...
CVE-2024-1590
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2024-1590
CVE-2024-1590 affects the WordPress Page Builder Pagelayer plugin (versions up to and including 1.8.2). The vulnerability is a Stored XSS in the Button Widget due to insufficient input sanitization and output escaping on user-supplied attributes. With contributor-level (or higher) authentication,...
Page Builder < 1.8.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its Button Widget options before outputting them back in a page/post where the widget is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-18154 · Pagelayer · Pagelayer
Name of the Vulnerable Software and Affected Versions: Pagelayer versions up to, and including, 1.8.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Button Widget of the Pagelayer plugin. This allows authenticated attacker...
CVE-2023-51399
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...
CVE-2023-51399
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...
CVE-2023-51399 WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...
CVE-2023-51399
The CVE-2023-51399 affects the WordPress WPFactory Back Button Widget plugin (versions ≤ 1.6.3). Root cause: improper neutralization of input during web page generation, enabling Stored XSS. Impact: stored XSS in widget output; PRI/impact as documented (low confidentiality, integrity, availabilit...
WordPress Plugin Back Button Widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)
Software Back Button Widget Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51399 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9ff3d6bccb6d Credits Ngô Thiên An ancorn from VNPT-VCI...
CVE-2022-1912
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...