81 matches found

Positive Technologies
added 2024/08/15 12:0 a.m. · 6 views

PT-2024-38052 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.6
Description: The issue allows authenticated attackers with Contributor-level permissions and above to extract sensitive data, including private, future, and draft posts...

4.3 CVSS · 6.4 AI score · 0.00356 EPSS
Exploits 0 · References 8

Patchstack
added 2024/08/15 12:0 a.m. · 15 views

WordPress ElementsKit Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Software: ElementsKit Pro · Type: Plugin · Vulnerable versions: <= 3.6.5 · Fixed in: 3.6.6 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-7064 · Patch priority: Low · CVSS severity: Low (6.5) · Developer: Claim ownership · PSID: ae540cd84ef6 · Credits: Webbernaut · Required...

6.4 CVSS · 5.8 AI score · 0.0025 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/08/15 12:0 a.m. · 3 views

WordPress plugin ElementsKit Pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.4 CVSS · 6.5 AI score · 0.0025 EPSS
Exploits 0 · References 3

OSV
added 2024/06/15 2:15 a.m. · 4 views

CVE-2024-5263

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 5.9 AI score · 0.00263 EPSS
Exploits 0 · References 2

NVD
added 2024/06/15 2:15 a.m. · 23 views

CVE-2024-5263

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 0.00263 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/06/15 2:1 a.m. · 11 views

CVE-2024-5263 ElementsKit Elementor addons and Templates Library <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 5.8 AI score · 0.00263 EPSS
Exploits 0 · References 2

CNNVD
added 2024/06/15 12:0 a.m. · 2 views

WordPress plugin ElementsKit Pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.4 CVSS · 6.7 AI score · 0.00263 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/06/15 12:0 a.m. · 3 views

PT-2024-35403 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.2
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Motion Text and Table widgets. This allows...

6.4 CVSS · 7.2 AI score · 0.00263 EPSS
Exploits 0 · References 4

OSV
added 2024/06/14 6:15 a.m. · 4 views

CVE-2024-4404

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating...

9.6 CVSS · 5.8 AI score · 0.00322 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/06/14 5:39 a.m. · 20 views

CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating...

8.5 CVSS · 6.7 AI score · 0.00322 EPSS
Exploits 0 · References 2

Cvelist
added 2024/06/14 5:39 a.m. · 29 views

CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating...

8.5 CVSS · 0.00322 EPSS
Exploits 0 · References 2

Patchstack
added 2024/06/14 3:4 a.m. · 4 views

WordPress ElementsKit Pro plugin <= 3.6.2 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin ElementsKit Pro versions <= 3.6.2...

9.6 CVSS · 7.1 AI score · 0.00322 EPSS
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/06/14 12:0 a.m. · 13 views

ElementsKit Elementor addons and Templates Library < 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets

Description: The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4 CVSS · 5.8 AI score · 0.00263 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/06/14 12:0 a.m. · 3 views

WordPress plugin ElementsKit PRO security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

9.6 CVSS · 6.7 AI score · 0.00322 EPSS
Exploits 0 · References 3

Patchstack
added 2024/06/14 12:0 a.m. · 11 views

WordPress ElementsKit Pro Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)

Software: ElementsKit Pro · Type: Plugin · Vulnerable versions: <= 3.6.2 · Fixed in: 3.6.3 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-5263 · Patch priority: Low · CVSS severity: Low (6.5) · Developer: Claim ownership · PSID: 0373e4957a82 · Credits: wesley wcraft · Required...

6.4 CVSS · 5.8 AI score · 0.00263 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/06/14 12:0 a.m. · 8 views

WordPress ElementsKit Pro Plugin <= 3.6.2 is vulnerable to Server Side Request Forgery (SSRF)

Software: ElementsKit Pro · Type: Plugin · Vulnerable versions: <= 3.6.2 · Fixed in: 3.6.3 · OWASP Top 10: A1: Broken Access Control · Classification: Server Side Request Forgery (SSRF) · CVE: CVE-2024-4404 · Patch priority: Low · CVSS severity: Low (6.3) · Developer: Claim ownership · PSID: b90eaeebfb3f · Credits: Ngô Thiên An ancorn...

9.6 CVSS · 6.6 AI score · 0.00322 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/06/13 12:0 a.m. · 4 views

PT-2024-30907 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit PRO plugin for WordPress versions up to, and including, 3.6.2
Description: The issue allows authenticated attackers with contributor-level permissions and above to conduct Server-Side Request Forgery via the render raw function...

9.6 CVSS · 7.1 AI score · 0.00322 EPSS
Exploits 0 · References 7

OSV
added 2024/05/21 2:15 p.m. · 4 views

CVE-2024-4452

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions...

5.4 CVSS · 5.9 AI score · 0.00263 EPSS
Exploits 0 · References 2

CVE
added 2024/05/21 1:51 p.m. · 67 views

CVE-2024-4452

CVE-2024-4452 affects ElementsKit Pro for WordPress. A stored XSS exists in the url parameter up to version 3.6.1 due to insufficient input sanitization and output escaping. Exploitation requires contributor+ permissions; an authenticated attacker can inject scripts that execute when users view i...

6.4 CVSS · 5.9 AI score · 0.00263 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/05/21 3:48 a.m. · 5 views

WordPress ElementsKit Pro plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin ElementsKit Pro versions <= 3.6.1...

6.4 CVSS · 5.7 AI score · 0.00263 EPSS
Exploits 0 · References 1 · Affected Software 1