Lucene search
+L

53 matches found

Positive Technologies
Positive Technologies
added 2024/06/24 12:0 a.m.8 views

PT-2024-27290 · Stylemixthemes · Stylemixthemes Consulting Elementor Widgets +1

Name of the Vulnerable Software and Affected Versions: StylemixThemes Consulting Elementor Widgets versions 1.3.0 and earlier StylemixThemes Masterstudy Elementor Widgets versions 1.2.2 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in a...

9.9CVSS7.6AI score0.01243EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.6 views

PT-2024-31194 · WordPress · Themesflat Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widget's titles due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00345EPSS
Exploits0References7
OSV
OSV
added 2024/05/14 3:43 p.m.4 views

CVE-2024-4449

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets ...

5.4CVSS5.9AI score0.00343EPSS
Exploits0References2
OSV
OSV
added 2024/05/14 3:42 p.m.5 views

CVE-2024-3989

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.9AI score0.0034EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.6 views

PT-2024-15845 · WordPress · Qi Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.6.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on...

6.4CVSS7.9AI score0.00607EPSS
Exploits0References7
OSV
OSV
added 2024/03/26 1:15 p.m.4 views

CVE-2023-52214

Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3...

8.8CVSS7.3AI score0.00414EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.5 views

PT-2024-17976 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions up to, and including, 3.20.1 Description: The issue is related to Stored Cross-Site Scripting via the widget's custom id due to insufficient input sanitization and output escaping on...

6.4CVSS8AI score0.0032EPSS
Exploits0References9
OSV
OSV
added 2024/03/20 7:15 a.m.4 views

CVE-2024-2129

The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

5.4CVSS6AI score0.00452EPSS
Exploits0References2
Prion
Prion
added 2024/02/05 10:16 p.m.13 views

Cross site scripting

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possib...

4.9CVSS5.9AI score0.00525EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/05 9:22 p.m.50 views

CVE-2024-0508

The CVE-2024-0508 entry concerns Orbit Fox by ThemeIsle for WordPress, with a Stored Cross-Site Scripting vulnerability in the Pricing Table Elementor Widget present in all versions up to and including 2.10.27. The issue stems from insufficient input sanitization and output escaping on user-suppl...

6.4CVSS5.2AI score0.00525EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/02/05 9:22 p.m.27 views

CVE-2024-0508 Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possib...

6.4CVSS5.8AI score0.00525EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.7 views

WordPress plugin Orbit Fox by ThemeIsle security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4CVSS6AI score0.00525EPSS
Exploits0References5
OSV
OSV
added 2021/04/05 7:15 p.m.6 views

CVE-2021-24203

In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget includes/widgets/divider.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified...

5.4CVSS5.8AI score0.00746EPSS
Exploits2References2
Rows per page
Query Builder