81 matches found
PT-2024-38052 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.6. Description: The issue allows authenticated attackers with Contributor-level permissions and above to extract sensitive data, including private, future, and draft posts...
WordPress ElementsKit Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: ElementsKit Pro; Type: Plugin; Vulnerable versions: <= 3.6.5; Fixed in: 3.6.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7064; Patch priority: Low; CVSS severity: Low (6.5); PSID: ae540cd84ef6; Credits: Webbernaut; Required...
WordPress plugin ElementsKit Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-5263
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5263 ElementsKit Elementor addons and Templates Library <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin ElementsKit Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-35403 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.2. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Motion Text and Table widgets. This allows...
CVE-2024-4404
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating...
CVE-2024-4404 ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating...
WordPress ElementsKit Pro plugin <= 3.6.2 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin ElementsKit Pro versions <= 3.6.2...
ElementsKit Elementor addons and Templates Library < 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets
Description: The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
WordPress plugin ElementsKit PRO security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress ElementsKit Pro Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)
Software: ElementsKit Pro; Type: Plugin; Vulnerable versions: <= 3.6.2; Fixed in: 3.6.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5263; Patch priority: Low; CVSS severity: Low (6.5); PSID: 0373e4957a82; Credits: wesley wcraft; Required...
WordPress ElementsKit Pro Plugin <= 3.6.2 is vulnerable to Server Side Request Forgery (SSRF)
Software: ElementsKit Pro; Type: Plugin; Vulnerable versions: <= 3.6.2; Fixed in: 3.6.3; OWASP Top 10: A1: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-4404; Patch priority: Low; CVSS severity: Low (6.3); PSID: b90eaeebfb3f; Credits: Ngô Thiên An ancorn...
PT-2024-30907 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit PRO plugin for WordPress versions up to, and including, 3.6.2. Description: The issue allows authenticated attackers with contributor-level permissions and above to conduct Server-Side Request Forgery via the render raw function...
CVE-2024-4452
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions...
CVE-2024-4452
CVE-2024-4452 affects ElementsKit Pro for WordPress. A stored XSS exists in the url parameter up to version 3.6.1 due to insufficient input sanitization and output escaping. Exploitation requires contributor+ permissions; an authenticated attacker can inject scripts that execute when users view i...
WordPress ElementsKit Pro plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin ElementsKit Pro versions <= 3.6.1...