Lucene search
+L

253 matches found

nvd
nvd
added 2024/11/30 10:15 p.m.15 views

CVE-2024-53774

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jakub Glos Sparkle Elementor Kit sparkle-elementor-kit allows DOM-Based XSS.This issue affects Sparkle Elementor Kit: from n/a through = 2.0.9...

6.5CVSS0.00283EPSS
Exploits0References1
cve
cve
added 2024/11/30 9:17 p.m.56 views

CVE-2024-53774

CVE-2024-53774 is a DOM-based XSS in the Sparkle Elementor Kit for WordPress, caused by improper input neutralization during web page generation. Affected: Sparkle Elementor Kit versions up to and including 2.0.9. The vulnerability enables cross-site scripting via user input during page rendering...

6.5CVSS7.2AI score0.00283EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/11/30 9:17 p.m.10 views

CVE-2024-53774 WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sparkle WP Sparkle Elementor Kit allows DOM-Based XSS.This issue affects Sparkle Elementor Kit: from n/a through 2.0.9...

6.5CVSS7AI score0.00283EPSS
Exploits0References1
cvelist
cvelist
added 2024/11/30 9:17 p.m.25 views

CVE-2024-53774 WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jakub Glos Sparkle Elementor Kit sparkle-elementor-kit allows DOM-Based XSS.This issue affects Sparkle Elementor Kit: from n/a through = 2.0.9...

6.5CVSS0.00283EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/11/30 12:0 a.m.8 views

WordPress plugin Sparkle Elementor Kit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS8AI score0.00283EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/11/30 12:0 a.m.9 views

PT-2024-35886 · WordPress · Sparkle Wp Sparkle Elementor Kit

Name of the Vulnerable Software and Affected Versions: Sparkle WP Sparkle Elementor Kit versions through 2.0.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This is a Cross-site...

6.5CVSS6.7AI score0.00283EPSS
Exploits0References5
patchstack
patchstack
added 2024/11/28 2:33 p.m.8 views

WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Sparkle Elementor Kit versions = 2.0.9...

6.5CVSS6.1AI score0.00283EPSS
Exploits0Affected Software1
osv
osv
added 2024/11/26 11:22 a.m.6 views

CVE-2024-8899

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the rendercontent function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS7.3AI score0.004EPSS
Exploits0References2
osv
osv
added 2024/11/26 11:15 a.m.2 views

CVE-2024-10308

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.9AI score
Exploits0References2
nvd
nvd
added 2024/11/26 11:15 a.m.14 views

CVE-2024-10308

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00306EPSS
Exploits0References2
cvelist
cvelist
added 2024/11/26 11:4 a.m.39 views

CVE-2024-8899 Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the rendercontent function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS0.004EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/11/26 12:0 a.m.4 views

WordPress plugin Jeg Elementor Kit 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...

4.3CVSS7.9AI score0.004EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/11/26 12:0 a.m.4 views

WordPress plugin Jeg Elementor Kit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.4CVSS7.8AI score0.00306EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/11/26 12:0 a.m.5 views

PT-2024-39307 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is...

4.3CVSS6.6AI score0.004EPSS
Exploits0References5
patchstack
patchstack
added 2024/11/25 11:20 p.m.5 views

WordPress Jeg Elementor Kit plugin <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget vulnerability

WordPress Jeg Elementor Kit plugin = 2.6.9 - Authenticated Contributor+ Stored Cross-Site Scripting via JKit - Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Jeg Elementor Kit versions = 2.6.9...

6.4CVSS5.8AI score0.00306EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/11/25 11:19 p.m.5 views

WordPress Jeg Elementor Kit plugin <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template vulnerability

Authenticated Contributor+ Sensitive Information Exposure via sgcontenttemplate vulnerability discovered by Ankit Patel in WordPress Plugin Jeg Elementor Kit versions = 2.6.9...

4.3CVSS7AI score0.004EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/11/25 12:0 a.m.23 views

WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Sensitive Data Exposure

Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.10 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8899 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a83345ae77b9 Credits Ankit Patel Required...

4.3CVSS6.5AI score0.004EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2024/11/25 12:0 a.m.14 views

WordPress Jeg Elementor Kit Plugin <= 2.6.9 is vulnerable to Cross Site Scripting (XSS)

Software Jeg Elementor Kit Type Plugin Vulnerable versions = 2.6.9 Fixed in 2.6.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10308 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7709d157b72c Credits zer0gh0st Required...

6.4CVSS5.7AI score0.00306EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2024/11/19 5:15 p.m.8 views

CVE-2024-51856

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibllex Moose Elementor Kit moose-elementor-kit allows DOM-Based XSS.This issue affects Moose Elementor Kit: from n/a through = 1.0.0...

6.5CVSS0.00414EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/11/19 4:31 p.m.13 views

CVE-2024-51856 WordPress Moose Elementor Kit plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibllex Moose Elementor Kit moose-elementor-kit allows DOM-Based XSS.This issue affects Moose Elementor Kit: from n/a through = 1.0.0...

6.5CVSS8.6AI score0.00414EPSS
Exploits0References1
Rows per page
Query Builder