2311 matches found
PT-2022-13802 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions 3.6.0 through 3.6.2 Description: The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in t...
VulnCheck KEV: CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious...
CVE-2022-0327
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the errormessage parameter before outputting it back in the response of the jltmarestrictcontent AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scriptin...
WordPress Power Ups for Elementor plugin <= 1.2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Power Ups for Elementor plugin versions = 1.2.1. Solution Update the WordPress Power Ups for Elementor plugin to the latest available version at least 1.2.2...
Essential Addons for Elementor Plugin for WordPress < 5.0.5 Local File Inclusion
The WordPress Essential Addons for Elementor Plugin installed on the remote host is affected by a local file inclusion vulnerability due to improper validation of user-supplied input inside of the PHP's include function in the ajaxloadmore and ajaxeaelproductgallery methods. Note that the scanner...
CVE-2022-0320
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead ...
WordPress 路径遍历漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in the WordPress Elementor plugin, which allows an...
CVE-2021-42360
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the editposts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block...
CVE-2021-42360
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the editposts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block...
CVE-2021-42360 Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 Authenticated Block Import to Stored XSS
On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the editposts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block...
WordPress 安全漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Elementor plugin that stems from a lack of data validation...
Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update
The plugin does not have any CSRF and authorisation checks in the padismissadminnotice AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update...
CVE-2021-24351
The theplusmorepost AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable on both unauthenticated and authenticated users...
PT-2021-15895 · WordPress · The Plus Addons For Elementor Page Builder
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder WordPress plugin versions prior to 4.1.11 Description: The issue allows an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site, as the plugin did n...
CVE-2021-24292 Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site ScriptingXSS by lower-privileged users such as contributors, all via a similar method: The “Card” widget...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in Happy Addo...
WordPress Essential Addons for Elementor Plugin < 4.5.4 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress Clever Addons for Elementor Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Clever Addons for Elementor Plugin versions prior to 2.10.0. An attacker can exploit this vulnerability to launch a cross-site scripting attack...
WordPress Sina Extension for Elementor Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Sina Extension for Elementor Plugin versions prior to 3.3.12. An attacker can exploit this vulnerability to launch a cross-site scripting attack...
WordPress Premium Addons for Elementor Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Premium Addons for Elementor Plugin versions prior to 4.2.8. An attacker can exploit this vulnerability to launch a cross-site scripting attack...