Lucene search
K

211 matches found

CVE
CVE
added 2025/08/24 5:27 a.m.29 views

CVE-2025-8208

CVE-2025-8208 : The Spexo Addons for Elementor WordPress plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the Countdown widget in versions up to and including 1.0.23. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes, allow...

6.4CVSS5.5AI score0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/24 12:0 a.m.6 views

PT-2025-34548 · WordPress · Spexo Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Spexo Addons for Elementor plugin for WordPress versions up to and including 1.0.23 Description: The Spexo Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting via the Countdown widget. Insufficient input...

6.4CVSS5.8AI score0.00222EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/08/08 4:27 a.m.9 views

CVE-2025-7498

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.5AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2025/08/06 4:16 a.m.3 views

CVE-2025-7498

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/06 3:41 a.m.3 views

CVE-2025-7498 Exclusive Addons for Elementor <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.5AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.6 views

PT-2025-32098 · WordPress +1 · Exclusive Addons For Elementor +1

Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor versions up to and including 2.7.9.4 Description: The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting through the Countdown Widget due to insufficient input...

6.4CVSS5.7AI score0.00217EPSS
Exploits0References8
OSV
OSV
added 2025/06/10 12:15 p.m.4 views

CVE-2025-4774

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00218EPSS
Exploits0References2
NVD
NVD
added 2025/06/10 12:15 p.m.21 views

CVE-2025-4774

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00218EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/10 11:22 a.m.11 views

CVE-2025-4774 Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.2 views

WordPress plugin Premium Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS6AI score0.00218EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.5 views

CVE-2024-3161

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

6.4CVSS5AI score0.00433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:23 a.m.3 views

CVE-2024-3307

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.3 views

CVE-2024-3199

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

6.4CVSS5AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.5 views

CVE-2024-6346

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS6.1AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:1 a.m.5 views

CVE-2024-4482

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping...

6.4CVSS6AI score0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.14 views

CVE-2024-10785

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:19 a.m.6 views

CVE-2024-10178

The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attribute...

6.4CVSS5.8AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.4 views

CVE-2024-10308

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.1AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:37 a.m.6 views

CVE-2024-4783

The jQuery T- Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.7 views

CVE-2023-0171

The jQuery T- Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS5.5AI score0.00562EPSS
Exploits2References1
Rows per page
Query Builder