42 matches found
CVE-2025-4414 WordPress CMSMasters Content Composer < 2.5.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer allows PHP Local File Inclusion. This issue affects CMSMasters Content Composer: from n/a through n/a...
PT-2025-27911 · Cmsmasters · Cmsmasters Content Composer
Name of the Vulnerable Software and Affected Versions: CMSMasters Content Composer affected versions not specified Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows PHP Local Fi...
WordPress plugin CMSMasters Content Composer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress CMSMasters Content Composer plugin that stems from not doing effective filtering of local file resource calls, which can b...
WordPress CMSMasters Content Composer plugin < 2.5.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin CMSMasters Content Composer versions 2.5.7...
CVE-2024-7963
The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9694
The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9694
CVE-2024-9694 : CMSMasters Elementor Addon for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability across all versions up to 1.14.7. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in multiple widgets, enabling an authen...
CVE-2024-9694 CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2024-39766 · WordPress · Cmsmasters Elementor Addon
Name of the Vulnerable Software and Affected Versions: CMSMasters Elementor Addon plugin for WordPress versions up to, and including, 1.14.7 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping on...
WordPress plugin CMSMasters Elementor Addon 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress CMSMasters Elementor Addon plugin <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by István Márton in WordPress Plugin CMSMasters Elementor Addon versions = 1.14.7...
The vulnerability of the CMSMasters plugin for the WordPress content management system allows attackers to enhance their privileges and execute cross-site scripting attacks.
The vulnerability of the CMSMasters plugin for WordPress content management system is related to the lack of protective measures taken against the website’s structure. Exploiting this vulnerability allows attackers to enhance their privileges and perform cross-site attacks...
CVE-2024-7963
The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-7963
CMSMasters Content Composer for WordPress is affected by a Stored Cross-Site Scripting (XSS) via multiple shortcodes in all versions up to 1.8.8. Exploitation requires authenticated access at contributor level or higher, enabling injected scripts to execute when users load injected pages. Patch g...
CVE-2024-7963 CMSMasters Content Composer <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin CMSMasters Content Composer 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress CMSMasters Content Composer plugin <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin CMSMasters Content Composer versions = 1.8.8...
WordPress CMSMasters Content Composer Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)
Software CMSMasters Content Composer Type Plugin Vulnerable versions = 1.8.8 Fixed in 1.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7963 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 38f9969e9e5b Credits István Márto...
Clockstone and other CMSMasters Theme File Upload Vulnerabilities
No description provided by source. Exploit Title: Clockstone and Various other CMSMasters Theme File Upload Vulnerabilities Google Dork: wp-content/themes/clockstone Date: 12/18/2012 Exploit Author: DigiP Vendor Homepage: http://cmsmasters.net/ Software Link:...
WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
Exploit Title: Clockstone and Various other CMSMasters Theme File Upload Vulnerabilities Google Dork: "wp-content/themes/clockstone" Date: 12/18/2012 Exploit Author: DigiP Vendor Homepage: http://cmsmasters.net/ Software Link: http://themeforest.net/item/clockstone-ultimate-wordpress-theme/306607...