Lucene search
K

2302 matches found

NVD
NVD
added 2023/07/10 4:15 p.m.48 views

CVE-2023-28989

Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2023/07/10 4:15 p.m.4 views

CVE-2023-28989

Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...

8.8CVSS7.3AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2023/07/10 12:51 p.m.36 views

CVE-2023-28989

CVE-2023-28989 is a CSRF vulnerability in the WordPress plugin Happy Addons for Elementor (weDevs) affecting versions

8.8CVSS6.5AI score0.00309EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/07/05 12:0 a.m.13 views

WordPress Visibility Logic for Elementor Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Visibility Logic for Elementor Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.3.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47169 Patch priority Low CVSS severity Low 4.3 Developer StaxWP PSID d9ff5fa9519c Credits Muhammad Daff...

8.8CVSS6.6AI score0.00214EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/06/23 12:15 p.m.21 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Premium Addons for Elementor Premium Addons PRO plugin = 2.8.24 versions...

5.8CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.12 views

PT-2023-24631 · Unknown · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor Premium Addons PRO plugin versions = 2.8.24 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scrip...

7.1CVSS6.1AI score0.00382EPSS
Exploits0References4
OSV
OSV
added 2023/06/17 2:15 a.m.2 views

CVE-2023-3295

The Unlimited Elements For Elementor Free Widgets, Addons, Templates for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers,...

8.8CVSS6.4AI score0.01308EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/17 12:0 a.m.4 views

WordPress plugin Unlimited Elements For Elementor 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

8.8CVSS8.9AI score0.01308EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.1 views

CVE-2023-0709

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mflastname' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...

5.4CVSS6AI score0.00556EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.12 views

CVE-2023-1807 Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the togglewidget function. This makes it possible for unauthenticated attackers t...

4.3CVSS6.6AI score0.003EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.7 views

CVE-2023-1843 Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalinksetup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the...

6.5CVSS6.7AI score0.00629EPSS
Exploits0References3
OSV
OSV
added 2023/06/07 2:15 a.m.5 views

CVE-2020-36703

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...

5.4CVSS5.9AI score0.0048EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.8 views

The vulnerability of the Essential Addons plugin for Elementor, a content management system for WordPress, allows attackers to increase their privileges.

The vulnerability of the Essential Addons plugin for Elementor, a content management system for WordPress, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

10CVSS8.1AI score0.75531EPSS
Exploits8References7Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.5 views

PT-2023-11845 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to and including 2.9.7 Description: The issue allows authenticated attackers with the upload files capability to inject arbitrary web scripts in pages via SVG image uploads. This...

6.4CVSS5.4AI score0.0048EPSS
Exploits1References4
OSV
OSV
added 2023/05/30 8:15 a.m.5 views

CVE-2023-0329

The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role...

7.2CVSS7.1AI score0.19695EPSS
Exploits7References2
NCSC
NCSC
added 2023/05/24 12:0 a.m.9 views

Vulnerability fixed in WordPress Essential Addons For Elementor plugin

A vulnerability has been fixed in Essential Addons for Elementor, a popular WordPress plugin with more than a million active installations. The vulnerability allows unauthenticated malicious parties to be able to reset the passwords of arbitrary users on the affected site to reset them, giving th...

9.8CVSS7.7AI score0.75531EPSS
Exploits8
WPVulnDB
WPVulnDB
added 2023/05/11 12:0 a.m.216 views

Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation

The plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account's password to anything they want, by knowing the related email or username, gaining access to them...

9.8CVSS7.2AI score0.75531EPSS
Exploits8Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/08 1:58 p.m.7 views

CVE-2023-0280 Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS

The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3AI score0.00444EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.7 views

WordPress plugin Ultimate Carousel For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00444EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/04/25 12:0 a.m.12 views

WordPress Ultimate Carousel For Elementor Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Carousel For Elementor Type Plugin Vulnerable versions = 2.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0280 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5d4b9d7e6fcb Credits István...

5.4CVSS6AI score0.00444EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder