Lucene search
+L

176 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-45467

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2025/08/28 1:15 p.m.3 views

CVE-2025-48354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor better-post-filter-widgets-for-elementor allows Stored XSS.This issue affects Better Post & Filter Widgets for Elementor: from n/a throug...

6.5CVSS0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/12 5:27 a.m.11 views

CVE-2025-6253 UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the preparetemplate function due to a missing capability check and insufficient controls on the filename specified. This makes it...

7.5CVSS0.00391EPSS
Exploits0References2
CVE
CVE
added 2025/08/12 5:27 a.m.29 views

CVE-2025-6253

The CVE-2025-6253 entry concerns the WordPress plugin UiCore Elements (Free Elementor widgets/templates) with versions up to and including 1.3.0. The vulnerability is an Arbitrary File Read caused by a missing capability check and insufficient controls on the filename in the prepare_template() fu...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.9 views

PT-2025-32628 · WordPress · Uicore Elements

Name of the Vulnerable Software and Affected Versions: UiCore Elements – Free Elementor widgets and templates for WordPress versions up to and including 1.3.0 Description: The plugin is susceptible to arbitrary file reading via the prepare template function. This is due to a missing capability...

7.5CVSS7.2AI score0.00391EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/08/03 2:14 p.m.10 views

CVE-2025-7845

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References1
NVD
NVD
added 2025/08/01 5:15 a.m.15 views

CVE-2025-7845

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4CVSS0.00225EPSS
Exploits0References4
CVE
CVE
added 2025/08/01 4:24 a.m.24 views

CVE-2025-7845

CVE-2025-7845 affects the WordPress plugin Stratum – Elementor Widgets (versions up to and including 1.6.0). The vulnerability is a Stored Cross-Site Scripting flaw in the Advanced Google Maps and Image Hotspot widgets caused by insufficient input sanitization and output escaping on user-supplied...

6.4CVSS5.9AI score0.00225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.10 views

PT-2025-31604 · Elementor +1 · Elementor +1

Name of the Vulnerable Software and Affected Versions: Stratum – Elementor Widgets versions up to and including 1.6.0 Description: The Stratum – Elementor Widgets plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Advanced Google Maps and Image Hotspot widgets...

6.4CVSS5.7AI score0.00225EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 8:31 a.m.5 views

CVE-2024-50542

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zachsilberstein RLM Elementor Widgets Pack rlm-elementor-widgets-pack allows DOM-Based XSS.This issue affects RLM Elementor Widgets Pack: from n/a through = 1.3.1...

6.5CVSS5.9AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.8 views

CVE-2024-5611

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘labelyears’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:12 a.m.7 views

CVE-2024-54228

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weboccult Technologies Pvt Ltd Wot Elementor Widgets wot-elementor-widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through = 1.0.1...

6.5CVSS7.2AI score0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.11 views

CVE-2023-33930

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows Code Injection.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5.66...

9.1CVSS7.1AI score0.00519EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/23 9:23 a.m.22 views

CVE-2025-1054 UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to...

6.4CVSS0.00216EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:52 a.m.19 views

CVE-2024-37090

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: fro...

8.8CVSS7.6AI score0.0053EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 12:50 a.m.9 views

CVE-2024-37089

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0...

9.8CVSS6.9AI score0.00609EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 12:49 a.m.11 views

CVE-2024-37092

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0...

8.8CVSS6.9AI score0.00525EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 12:38 a.m.22 views

CVE-2024-37091

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0;...

9.9CVSS6.9AI score0.01243EPSS
Exploits0
OSV
OSV
added 2025/01/30 7:15 a.m.5 views

CVE-2024-13642

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.9AI score0.00212EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/30 6:41 a.m.9 views

CVE-2024-13642 Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00212EPSS
Exploits0References2
Rows per page
Query Builder