Lucene search
K

2311 matches found

OSV
OSV
added 2023/06/07 2:15 a.m.5 views

CVE-2020-36703

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...

5.4CVSS5.9AI score0.0048EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.5 views

PT-2023-11845 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to and including 2.9.7 Description: The issue allows authenticated attackers with the upload files capability to inject arbitrary web scripts in pages via SVG image uploads. This...

6.4CVSS5.4AI score0.0048EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.8 views

The vulnerability of the Essential Addons plugin for Elementor, a content management system for WordPress, allows attackers to increase their privileges.

The vulnerability of the Essential Addons plugin for Elementor, a content management system for WordPress, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

10CVSS8.1AI score0.75531EPSS
Exploits8References7Affected Software1
OSV
OSV
added 2023/05/30 8:15 a.m.5 views

CVE-2023-0329

The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role...

7.2CVSS7.1AI score0.19695EPSS
Exploits7References2
NCSC
NCSC
added 2023/05/24 12:0 a.m.10 views

Vulnerability fixed in WordPress Essential Addons For Elementor plugin

A vulnerability has been fixed in Essential Addons for Elementor, a popular WordPress plugin with more than a million active installations. The vulnerability allows unauthenticated malicious parties to be able to reset the passwords of arbitrary users on the affected site to reset them, giving th...

9.8CVSS7.7AI score0.75531EPSS
Exploits8
WPVulnDB
WPVulnDB
added 2023/05/11 12:0 a.m.216 views

Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation

The plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account's password to anything they want, by knowing the related email or username, gaining access to them...

9.8CVSS7.2AI score0.75531EPSS
Exploits8Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/08 1:58 p.m.7 views

CVE-2023-0280 Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS

The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3AI score0.00444EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.7 views

WordPress plugin Ultimate Carousel For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00444EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/04/25 12:0 a.m.12 views

WordPress Ultimate Carousel For Elementor Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Carousel For Elementor Type Plugin Vulnerable versions = 2.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0280 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5d4b9d7e6fcb Credits István...

5.4CVSS6AI score0.00444EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2023/03/28 8:15 a.m.3 views

CVE-2022-45831

Unauth. Reflected Cross-Site Scripting XSS vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin = 2.8 versions...

6.1CVSS5.8AI score0.00408EPSS
Exploits0References1
CVE
CVE
added 2023/03/28 8:9 a.m.69 views

CVE-2022-47170

The CVE-2022-47170 entry identifies a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" for versions

5.9CVSS4.9AI score0.00392EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/03/28 12:0 a.m.9 views

WordPress OoohBoi Steroids for Elementor Plugin <= 2.1.4 is vulnerable to Arbitrary File Deletion

Software OoohBoi Steroids for Elementor Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-0336 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 0eee208c0039 Credits Lana Codes...

6.5CVSS6.5AI score0.01003EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2023/03/27 4:15 p.m.38 views

CVE-2023-0495

The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS4.7AI score0.00262EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.7 views

CVE-2023-0336 OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment...

6.7AI score0.01003EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.10 views

CVE-2023-0495 HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF

The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.6AI score0.00262EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.7 views

WordPress plugin HT Slider For Elementor 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3CVSS6.2AI score0.00262EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.2 views

WordPress plugin OoohBoi Steroids for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS7.1AI score0.01003EPSS
Exploits2References2
OSV
OSV
added 2023/03/13 5:15 p.m.4 views

CVE-2022-4661

The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/13 4:3 p.m.7 views

CVE-2022-4661 Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode

The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

5.4AI score0.00471EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.3 views

WordPress plugin Void Contact Form 7 Widget For Elementor Page Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS7.7AI score0.00273EPSS
Exploits0References2
Rows per page
Query Builder