21 matches found
EUVD-2025-27647
Malicious code in bioql PyPI...
EUVD-2024-30275
Malicious code in bioql PyPI...
CVE-2025-8689
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison, HotSpot Plus, and Google Maps widgets in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8689
CVE-2025-8689 : Elements Plus! for WordPress is vulnerable to Stored Cross‑Site Scripting in versions up to 2.16.4 via the plugin’s Image Comparison, HotSpot Plus, and Google Maps widgets. An authenticated attacker with contributor+ privileges can inject scripts that execute when users load an in...
CVE-2025-8689 Elements Plus! <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison, HotSpot Plus, and Google Maps widgets in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...
WordPress Elements Plus! plugin <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Elements Plus! versions = 2.16.4...
WordPress plugin Elements Plus 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2025-37136
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison, HotSpot Plus, and Google Maps widgets in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-32457
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS.This issue affects Elements Plus!: from n/a through 2.16.3...
CVE-2024-32457
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS.This issue affects Elements Plus!: from n/a through 2.16.3...
CVE-2024-32457
CVE-2024-32457: Stored XSS in Elements Plus! (CSSIgniter) via improper input neutralization during web page generation. Affected: Elements Plus! ≤ 2.16.3. Mitigation: upgrade to 2.16.3 (patched).
CVE-2024-32457 WordPress Elements Plus! plugin <= 2.16.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS.This issue affects Elements Plus!: from n/a through 2.16.3...
CVE-2024-32457 WordPress Elements Plus! plugin <= 2.16.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS.This issue affects Elements Plus!: from n/a through 2.16.3...
WordPress Plugin Elements Plus! 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin... A cross-site...
PT-2024-24588 · Unknown · Elements Plus!
Name of the Vulnerable Software and Affected Versions: Elements Plus! versions prior to 2.16.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables attackers to inject malicious...
WordPress Elements Plus! plugin <= 2.16.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Elements Plus! versions = 2.16.3...
WordPress Elements Plus! Plugin <= 2.16.3 is vulnerable to Cross Site Scripting (XSS)
Software Elements Plus! Type Plugin Vulnerable versions = 2.16.3 Fixed in 2.16.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32457 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 693915246ad8 Credits Khalid Yusuf Required privilege...
CVE-2024-2335 Elements Plus! <= 2.16.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
PT-2024-19829 · WordPress · Elements Plus!
Name of the Vulnerable Software and Affected Versions: Elements Plus! plugin for WordPress versions up to, and including, 2.16.2 Description: The issue is related to Stored Cross-Site Scripting via multiple widget link URLs due to insufficient input sanitization and output escaping on user-suppli...
WordPress Plugin Elements Plus! 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...