Lucene search
K

84 matches found

Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.5 views

PT-2024-18853 · WordPress · Move Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor plugin for WordPress versions up to, and including, 1.2.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's infobox and button widget due to insufficient input sanitization and output...

6.4CVSS7.9AI score0.00343EPSS
Exploits0References7
NVD
NVD
added 2024/03/13 4:15 p.m.24 views

CVE-2024-1392

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4CVSS5.7AI score0.00509EPSS
Exploits0References3
Prion
Prion
added 2024/03/13 4:15 p.m.19 views

Cross site scripting

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

5.5CVSS6.1AI score0.00509EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.16 views

CVE-2024-1392 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4CVSS7AI score0.00509EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.6 views

PT-2024-18004 · WordPress · Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 Description: The issue is related to Stored Cross-Site Scripting via the button1 icon attribute of the Dual Button widget due to insufficient input...

6.4CVSS8AI score0.00509EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.3 views

WordPress Plugin Elementor Addon Elements Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS5.8AI score0.00509EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.5 views

WordPress Plugin PowerPack Addons for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.4CVSS5.9AI score0.00423EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/02/26 12:0 a.m.18 views

Elementor Addon Elements < 1.13 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrar...

6.4CVSS5.7AI score0.00509EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/23 10:15 a.m.4 views

CVE-2024-1590

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

5.4CVSS7.4AI score0.00371EPSS
Exploits0References2
CVE
CVE
added 2024/02/23 9:32 a.m.82 views

CVE-2024-1590

CVE-2024-1590 affects the WordPress Page Builder Pagelayer plugin (versions up to and including 1.8.2). The vulnerability is a Stored XSS in the Button Widget due to insufficient input sanitization and output escaping on user-supplied attributes. With contributor-level (or higher) authentication,...

5.4CVSS5AI score0.00371EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/23 12:0 a.m.6 views

Page Builder < 1.8.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Button Widget options before outputting them back in a page/post where the widget is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00371EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/23 12:0 a.m.4 views

PT-2024-18154 · Pagelayer · Pagelayer

Name of the Vulnerable Software and Affected Versions: Pagelayer versions up to, and including, 1.8.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Button Widget of the Pagelayer plugin. This allows authenticated attacker...

5.4CVSS5.7AI score0.00371EPSS
Exploits0References4
NVD
NVD
added 2023/12/29 11:15 a.m.27 views

CVE-2023-51399

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...

6.5CVSS0.00328EPSS
Exploits0References1
OSV
OSV
added 2023/12/29 11:15 a.m.3 views

CVE-2023-51399

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...

5.4CVSS7.3AI score0.00328EPSS
Exploits0References1
Prion
Prion
added 2023/12/29 11:15 a.m.18 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...

4.9CVSS6.9AI score0.00328EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/29 10:20 a.m.30 views

CVE-2023-51399 WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...

6.5CVSS6.6AI score0.00328EPSS
Exploits0References1
CVE
CVE
added 2023/12/29 10:20 a.m.42 views

CVE-2023-51399

The CVE-2023-51399 affects the WordPress WPFactory Back Button Widget plugin (versions ≤ 1.6.3). Root cause: improper neutralization of input during web page generation, enabling Stored XSS. Impact: stored XSS in widget output; PRI/impact as documented (low confidentiality, integrity, availabilit...

6.5CVSS6.7AI score0.00328EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.3 views

WordPress Plugin Back Button Widget Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/12/26 12:0 a.m.13 views

WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software Back Button Widget Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51399 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9ff3d6bccb6d Credits Ngô Thiên An ancorn from VNPT-VCI...

6.5CVSS6.5AI score0.00328EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/07/18 5:15 p.m.4 views

CVE-2022-1912

The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...

8.8CVSS5.6AI score0.00503EPSS
Exploits0References3
Rows per page
Query Builder