53 matches found
PT-2024-27290 · Stylemixthemes · Stylemixthemes Consulting Elementor Widgets +1
Name of the Vulnerable Software and Affected Versions: StylemixThemes Consulting Elementor Widgets versions 1.3.0 and earlier StylemixThemes Masterstudy Elementor Widgets versions 1.2.2 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in a...
PT-2024-31194 · WordPress · Themesflat Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widget's titles due to insufficient input sanitization and output...
CVE-2024-4449
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets ...
CVE-2024-3989
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
PT-2024-15845 · WordPress · Qi Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.6.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on...
CVE-2023-52214
Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3...
PT-2024-17976 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions up to, and including, 3.20.1 Description: The issue is related to Stored Cross-Site Scripting via the widget's custom id due to insufficient input sanitization and output escaping on...
CVE-2024-2129
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
Cross site scripting
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possib...
CVE-2024-0508
The CVE-2024-0508 entry concerns Orbit Fox by ThemeIsle for WordPress, with a Stored Cross-Site Scripting vulnerability in the Pricing Table Elementor Widget present in all versions up to and including 2.10.27. The issue stems from insufficient input sanitization and output escaping on user-suppl...
CVE-2024-0508 Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possib...
WordPress plugin Orbit Fox by ThemeIsle security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2021-24203
In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget includes/widgets/divider.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified...