Lucene search
K

2311 matches found

Positive Technologies
Positive Technologies
added 2022/04/17 12:0 a.m.10 views

PT-2022-13802 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions 3.6.0 through 3.6.2 Description: The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in t...

8.8CVSS8.7AI score0.92658EPSS
Exploits10References15
VulnCheck KEV
VulnCheck KEV
added 2022/04/13 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-1329

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious...

8.8CVSS7.3AI score0.92658EPSS
Exploits10References1
ATTACKERKB
ATTACKERKB
added 2022/03/14 3:15 p.m.8 views

CVE-2022-0327

The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the errormessage parameter before outputting it back in the response of the jltmarestrictcontent AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scriptin...

6.1CVSS6.3AI score0.00783EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress Power Ups for Elementor plugin <= 1.2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Power Ups for Elementor plugin versions = 1.2.1. Solution Update the WordPress Power Ups for Elementor plugin to the latest available version at least 1.2.2...

4.5AI score
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/02/22 12:0 a.m.33 views

Essential Addons for Elementor Plugin for WordPress < 5.0.5 Local File Inclusion

The WordPress Essential Addons for Elementor Plugin installed on the remote host is affected by a local file inclusion vulnerability due to improper validation of user-supplied input inside of the PHP's include function in the ajaxloadmore and ajaxeaelproductgallery methods. Note that the scanner...

9.8CVSS7.2AI score0.01989EPSS
Exploits1References3
NVD
NVD
added 2022/02/01 1:15 p.m.16 views

CVE-2022-0320

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead ...

9.8CVSS0.01989EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.4 views

WordPress 路径遍历漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in the WordPress Elementor plugin, which allows an...

9.8CVSS8.4AI score0.01989EPSS
Exploits1References2
OSV
OSV
added 2021/11/17 6:15 p.m.4 views

CVE-2021-42360

On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the editposts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block...

5.4CVSS5.8AI score0.00585EPSS
Exploits1References1
NVD
NVD
added 2021/11/17 6:15 p.m.24 views

CVE-2021-42360

On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the editposts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block...

7.6CVSS0.00585EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2021/11/17 5:45 p.m.11 views

CVE-2021-42360 Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 Authenticated Block Import to Stored XSS

On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the editposts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block...

7.6CVSS6.7AI score0.00585EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/11/17 12:0 a.m.5 views

WordPress 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Elementor plugin that stems from a lack of data validation...

7.6CVSS6AI score0.00585EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2021/08/30 12:0 a.m.11 views

Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update

The plugin does not have any CSRF and authorisation checks in the padismissadminnotice AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update...

1.5AI score
Exploits0Affected Software1
OSV
OSV
added 2021/06/14 2:15 p.m.3 views

CVE-2021-24351

The theplusmorepost AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable on both unauthenticated and authenticated users...

6.1CVSS5.8AI score0.02483EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/06/14 12:0 a.m.6 views

PT-2021-15895 · WordPress · The Plus Addons For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder WordPress plugin versions prior to 4.1.11 Description: The issue allows an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site, as the plugin did n...

5.3CVSS5.3AI score0.0111EPSS
Exploits2References4
Cvelist
Cvelist
added 2021/05/17 4:48 p.m.21 views

CVE-2021-24292 Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS

The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site ScriptingXSS by lower-privileged users such as contributors, all via a similar method: The “Card” widget...

5.6AI score0.00636EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/05/17 12:0 a.m.6 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in Happy Addo...

5.4CVSS5.2AI score0.00636EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2021/05/17 12:0 a.m.19 views

WordPress Essential Addons for Elementor Plugin < 4.5.4 XSS Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

5.4CVSS5.6AI score0.0059EPSS
Exploits0References2
CNVD
CNVD
added 2021/05/10 12:0 a.m.5 views

WordPress Clever Addons for Elementor Plugin Cross-Site Scripting Vulnerability

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Clever Addons for Elementor Plugin versions prior to 2.10.0. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

5.4CVSS6AI score0.0059EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/10 12:0 a.m.6 views

WordPress Sina Extension for Elementor Plugin Cross-Site Scripting Vulnerability

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Sina Extension for Elementor Plugin versions prior to 3.3.12. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

5.4CVSS6AI score0.0059EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/10 12:0 a.m.4 views

WordPress Premium Addons for Elementor Plugin Cross-Site Scripting Vulnerability

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Premium Addons for Elementor Plugin versions prior to 4.2.8. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

5.4CVSS6AI score0.0059EPSS
Exploits0References1
Rows per page
Query Builder