120 matches found
CVE-2024-47628
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.3.9.3...
CVE-2024-47628 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.3.9.3...
CVE-2024-47628 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.3.9.3...
WordPress LA-Studio Element Kit for Elementor Plugin <= 1.3.9.3 is vulnerable to Cross Site Scripting (XSS)
Software LA-Studio Element Kit for Elementor Type Plugin Vulnerable versions = 1.3.9.3 Fixed in 1.3.9.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47628 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e41d1566ec6 Credits João Pedro S...
CVE-2024-43210
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2...
CVE-2024-43210 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2...
CVE-2024-43210 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2...
CVE-2024-43210
CVE-2024-43210: LA-Studio Element Kit for Elementor is affected by a stored XSS due to improper input neutralization during web page generation. Impact is stored cross-site scripting within pages rendered by the plugin, affecting LA-Studio Element Kit for Elementor versions up to 1.3.9.2 (vendor)...
WordPress plugin LA-Studio Element Kit for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.3.9.2...
WordPress LA-Studio Element Kit for Elementor Plugin <= 1.3.9.2 is vulnerable to Cross Site Scripting (XSS)
Software LA-Studio Element Kit for Elementor Type Plugin Vulnerable versions = 1.3.9.2 Fixed in 1.3.9.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43210 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2d710467debc Credits Khalid Yusuf...
CVE-2024-37479
Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progresstype" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1...
CVE-2024-37479 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability
Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progresstype" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1...
CVE-2024-37479 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability
Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progresstype" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1...
CVE-2024-37479
CVE-2024-37479 affects LA-Studio Element Kit for Elementor. A Local File Inclusion flaw exists in the LA-Studio Progress Bar widget, exposed through the progress_type attribute in the New Post context. The issue is labeled as authenticated (Contributor+) LFI, impacting versions up to 1.3.8.1. Exp...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.3.8.1...
CVE-2024-5349
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
CVE-2024-5349
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
CVE-2024-5349 LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
PT-2024-35760 · WordPress · La-Studio Element Kit For Elementor
Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to, and including, 1.3.8.1 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server...