2302 matches found
CVE-2023-28989
Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...
CVE-2023-28989
Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...
CVE-2023-28989
CVE-2023-28989 is a CSRF vulnerability in the WordPress plugin Happy Addons for Elementor (weDevs) affecting versions
WordPress Visibility Logic for Elementor Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Visibility Logic for Elementor Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47169 Patch priority Low CVSS severity Low 4.3 Developer StaxWP PSID d9ff5fa9519c Credits Muhammad Daff...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Premium Addons for Elementor Premium Addons PRO plugin = 2.8.24 versions...
PT-2023-24631 · Unknown · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor Premium Addons PRO plugin versions = 2.8.24 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scrip...
CVE-2023-3295
The Unlimited Elements For Elementor Free Widgets, Addons, Templates for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers,...
WordPress plugin Unlimited Elements For Elementor 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2023-0709
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mflastname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...
CVE-2023-1807 Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the togglewidget function. This makes it possible for unauthenticated attackers t...
CVE-2023-1843 Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalinksetup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the...
CVE-2020-36703
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...
The vulnerability of the Essential Addons plugin for Elementor, a content management system for WordPress, allows attackers to increase their privileges.
The vulnerability of the Essential Addons plugin for Elementor, a content management system for WordPress, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
PT-2023-11845 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to and including 2.9.7 Description: The issue allows authenticated attackers with the upload files capability to inject arbitrary web scripts in pages via SVG image uploads. This...
CVE-2023-0329
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role...
Vulnerability fixed in WordPress Essential Addons For Elementor plugin
A vulnerability has been fixed in Essential Addons for Elementor, a popular WordPress plugin with more than a million active installations. The vulnerability allows unauthenticated malicious parties to be able to reset the passwords of arbitrary users on the affected site to reset them, giving th...
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
The plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account's password to anything they want, by knowing the related email or username, gaining access to them...
CVE-2023-0280 Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS
The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Ultimate Carousel For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Ultimate Carousel For Elementor Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Carousel For Elementor Type Plugin Vulnerable versions = 2.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0280 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5d4b9d7e6fcb Credits István...