Lucene search
+L

211 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.10 views

CVE-2022-45847

Cross-Site Request Forgery CSRF vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting XSS.This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1...

6.1CVSS5.1AI score0.00229EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/07 12:25 p.m.4 views

WordPress Widget Countdown plugin <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Widget Countdown versions = 2.7.4...

6.5CVSS7.1AI score0.00215EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/05/07 8:15 a.m.4 views

CVE-2024-12120

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget displaymessagetext parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.0023EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.6 views

WordPress plugin Royal Elementor Addons and Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.4CVSS7.5AI score0.0023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.10 views

PT-2025-20030 · Unknown · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: Royal Elementor Addons and Templates versions up to 1.7.1017 Description: The issue is related to Stored Cross-Site Scripting in the Royal Elementor Addons and Templates plugin for WordPress. This occurs due to insufficient input sanitization...

5.4CVSS8AI score0.0023EPSS
Exploits0References9
OSV
OSV
added 2025/03/14 8:15 a.m.6 views

CVE-2025-1526

The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget countdown feature in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00246EPSS
Exploits0References3
NVD
NVD
added 2025/03/08 2:15 a.m.26 views

CVE-2025-1261

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/08 1:44 a.m.44 views

CVE-2025-1261 HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS0.00203EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/08 1:44 a.m.8 views

CVE-2025-1261 HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/08 1:27 a.m.7 views

WordPress HT Mega plugin <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin HT Mega versions = 2.8.2...

6.4CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/25 11:34 p.m.5 views

WordPress Sina Extension for Elementor plugin <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes vulnerability discovered by zer0gh0st in WordPress Plugin Sina Extension for Elementor versions = 3.6.0...

6.4CVSS5.8AI score0.00492EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/11 5:15 a.m.4 views

CVE-2024-12599

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.1CVSS7.4AI score0.00326EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/11 4:21 a.m.11 views

CVE-2024-12599 HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS6.1AI score0.00326EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/11 4:21 a.m.16 views

CVE-2024-12599 HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS0.00326EPSS
Exploits0References2
CVE
CVE
added 2025/02/11 4:21 a.m.63 views

CVE-2024-12599

CVE-2024-12599 affects HT Mega – Absolute Addons For Elementor (WordPress). It is a Stored XSS via the Countdown widget in all versions up to 2.8.1, caused by insufficient input sanitization and output escaping for user-supplied attributes. Exploitation requires authenticated access at contributo...

6.4CVSS6.1AI score0.00326EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/02/10 10:32 p.m.4 views

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin HT Mega versions = 2.8.1...

7.2CVSS5.8AI score0.00326EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/12/05 5:15 a.m.11 views

CVE-2024-10178

The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attribute...

6.4CVSS0.00324EPSS
Exploits0References3
OSV
OSV
added 2024/12/05 5:15 a.m.4 views

CVE-2024-10178

The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attribute...

5.4CVSS5.9AI score0.00324EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/05 4:23 a.m.10 views

CVE-2024-10178 Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attribute...

6.4CVSS5.9AI score0.00324EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/05 4:23 a.m.22 views

CVE-2024-10178 Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attribute...

6.4CVSS0.00324EPSS
Exploits0References3
Rows per page
Query Builder