Lucene search
K

573 matches found

Cvelist
Cvelist
added 2024/02/05 9:21 p.m.29 views

CVE-2024-0834

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linkto parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

6.4CVSS5.9AI score0.00531EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.5 views

WordPress plugin Elementor Addon Elements security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS6.1AI score0.00531EPSS
Exploits0References4
OSV
OSV
added 2024/01/27 5:15 a.m.6 views

CVE-2024-0824

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2023/12/29 11:15 a.m.3 views

CVE-2023-50901

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8...

6.1CVSS7.3AI score0.00351EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.16 views

Elementor Addon Elements < 1.12.8 - Elementor Addon Element Enabling/Disabling via CSRF

Description The plugin does not have CSRF check in its eaesaveelements function, which could allow attackers to make logged in admins enable and disable Elementor add-on elements via a CSRF attack...

5.4CVSS5.5AI score0.00298EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/11/15 11:15 p.m.4 views

CVE-2023-5381

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS6.7AI score0.00496EPSS
Exploits0References3
NVD
NVD
added 2023/11/15 11:15 p.m.12 views

CVE-2023-5381

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS0.00496EPSS
Exploits0References3
OSV
OSV
added 2023/11/15 11:15 p.m.3 views

CVE-2023-4723

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajaxeaepostdata function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of wit...

5.3CVSS7.3AI score0.00927EPSS
Exploits0References3
OSV
OSV
added 2023/11/15 11:15 p.m.4 views

CVE-2023-4690

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...

4.3CVSS7.2AI score0.00298EPSS
Exploits0References3
NVD
NVD
added 2023/11/15 11:15 p.m.21 views

CVE-2023-4689

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...

5.4CVSS0.00298EPSS
Exploits0References3
NVD
NVD
added 2023/11/15 11:15 p.m.44 views

CVE-2023-4690

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...

5.4CVSS0.00298EPSS
Exploits0References3
Prion
Prion
added 2023/11/15 11:15 p.m.20 views

Cross site request forgery (csrf)

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...

4.3CVSS6.6AI score0.00298EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/11/15 11:15 p.m.20 views

Design/Logic Flaw

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajaxeaepostdata function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of wit...

5CVSS7.1AI score0.00927EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/15 10:32 p.m.12 views

CVE-2023-4690 Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...

5.4CVSS6.6AI score0.00298EPSS
Exploits0References3
CVE
CVE
added 2023/11/15 10:32 p.m.64 views

CVE-2023-4690

CVE-2023-4690 affects the Elementor Addon Elements plugin for WordPress (versions

5.4CVSS4.5AI score0.00298EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/11/15 10:32 p.m.37 views

CVE-2023-4723 Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajaxeaepostdata function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of wit...

5.3CVSS5.6AI score0.00927EPSS
Exploits0References3
CVE
CVE
added 2023/11/15 10:32 p.m.67 views

CVE-2023-4723

CVE-2023-4723 — Elementor Addon Elements for WordPress is a vulnerability in the WordPress plugin Elementor Addon Elements, affecting versions up to and including 1.12.7. The issue stems from the ajax_eae_post_data function, which allows unauthenticated attackers to expose sensitive information s...

5.3CVSS5.6AI score0.00927EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/11/15 10:32 p.m.74 views

CVE-2023-5381

CVE-2023-5381 – Elementor Addon Elements for WordPress is vulnerable to Stored XSS via admin settings in versions up to and including 1.12.7 due to insufficient input sanitization and output escaping. An attacker with administrator privileges can inject scripts that execute when users load inject...

4.8CVSS4.9AI score0.00496EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/15 10:32 p.m.10 views

CVE-2023-4689 Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...

5.4CVSS6.6AI score0.00298EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.5 views

PT-2023-30255 · WordPress · Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the eae save elements function. This allows...

5.4CVSS5.4AI score0.00298EPSS
Exploits0References5
Rows per page
Query Builder