47 matches found
CVE-2024-5757 Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-5757
CVE-2024-5757 affects the Elementor Header & Footer Builder plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the Site Title widget’s url attribute in all versions up to and including 1.6.35, caused by insufficient input sanitization and output escaping. Exploitat...
WordPress plugin Elementor Header & Footer Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37124 · WordPress · Elementor Header & Footer Builder
Name of the Vulnerable Software and Affected Versions: Elementor Header & Footer Builder plugin for WordPress versions up to, and including, 1.6.35 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget due to insufficient inpu...
WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Authenticated Stored Cross-Site Scripting via Site Title Widget vulnerability
Authenticated Stored Cross-Site Scripting via Site Title Widget vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.35...
WordPress Elementor Header & Footer Builder plugin <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.26...
CVE-2024-2618
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-2618 Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Elementor Header & Footer Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-21305 · WordPress · Elementor Header & Footer Builder
Name of the Vulnerable Software and Affected Versions: Elementor Header & Footer Builder plugin for WordPress versions up to, and including, 1.6.26 Description: The issue is related to Stored Cross-Site Scripting via the size attribute due to insufficient input sanitization and output escaping...
CVE-2024-2619
The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...
CVE-2024-2619 Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Author+) HTML Injection
The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...
CVE-2024-4634
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfesvgmimetypes’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4634
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfesvgmimetypes’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4634 Elementor Header & Footer Builder <= 1.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfesvgmimetypes’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4634
CVE-2024-4634 (Elementor Header & Footer Builder, WordPress) stores cross-site scripting via the hfe_svg_mime_types path in versions up to 1.6.28 due to insufficient input sanitization and output escaping. The issue requires authentication (contributors or higher) to inject arbitrary scripts that...
WordPress Elementor Header & Footer Builder plugin <= 1.6.26 - Authenticated (Author+) HTML Injection vulnerability
Authenticated Author+ HTML Injection vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.26...
WordPress plugin Elementor Header & Footer Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-31964 · WordPress · Elementor Header & Footer Builder
Name of the Vulnerable Software and Affected Versions: Elementor Header & Footer Builder plugin for WordPress versions up to, and including, 1.6.28 Description: The issue is related to Stored Cross-Site Scripting via the hfe svg mime types function due to insufficient input sanitization and outpu...
WordPress plugin Elementor Header & Footer Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...