2311 matches found
CVE-2020-36703
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including 2.9.7 This makes it possible for authenticated attackers with the uploadfiles capability to inject arbitrary web scripts in pages that will execut...
PT-2023-11845 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to and including 2.9.7 Description: The issue allows authenticated attackers with the upload files capability to inject arbitrary web scripts in pages via SVG image uploads. This...
The vulnerability of the Essential Addons plugin for Elementor, a content management system for WordPress, allows attackers to increase their privileges.
The vulnerability of the Essential Addons plugin for Elementor, a content management system for WordPress, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
CVE-2023-0329
The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role...
Vulnerability fixed in WordPress Essential Addons For Elementor plugin
A vulnerability has been fixed in Essential Addons for Elementor, a popular WordPress plugin with more than a million active installations. The vulnerability allows unauthenticated malicious parties to be able to reset the passwords of arbitrary users on the affected site to reset them, giving th...
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
The plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account's password to anything they want, by knowing the related email or username, gaining access to them...
CVE-2023-0280 Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS
The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Ultimate Carousel For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Ultimate Carousel For Elementor Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Carousel For Elementor Type Plugin Vulnerable versions = 2.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0280 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5d4b9d7e6fcb Credits István...
CVE-2022-45831
Unauth. Reflected Cross-Site Scripting XSS vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin = 2.8 versions...
CVE-2022-47170
The CVE-2022-47170 entry identifies a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" for versions
WordPress OoohBoi Steroids for Elementor Plugin <= 2.1.4 is vulnerable to Arbitrary File Deletion
Software OoohBoi Steroids for Elementor Type Plugin Vulnerable versions = 2.1.4 Fixed in 2.1.5 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-0336 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 0eee208c0039 Credits Lana Codes...
CVE-2023-0495
The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0336 OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment...
CVE-2023-0495 HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF
The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
WordPress plugin HT Slider For Elementor 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin OoohBoi Steroids for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-4661
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2022-4661 Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
WordPress plugin Void Contact Form 7 Widget For Elementor Page Builder 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...