Lucene search
K

81 matches found

CNNVD
CNNVD
added 2024/05/21 12:0 a.m.3 views

WordPress Plugin ElementsKit Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.7AI score0.00263EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/21 12:0 a.m.11 views

WordPress ElementsKit Pro Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4452 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4123c1a8007b Credits wesley wcraft Required...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/21 12:0 a.m.3 views

PT-2024-31166 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.1 Description: The issue is related to Stored Cross-Site Scripting via the url parameter due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6AI score0.00263EPSS
Exploits0References9
OSV
OSV
added 2024/05/02 5:15 p.m.4 views

CVE-2024-3500

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...

8.8CVSS6.3AI score
Exploits0References2
NVD
NVD
added 2024/05/02 5:15 p.m.21 views

CVE-2024-3500

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...

8.8CVSS9AI score0.01063EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.12 views

CVE-2024-3500 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...

8.8CVSS6.5AI score0.01063EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:52 p.m.56 views

CVE-2024-3500

This CVE (CVE-2024-3500) concerns ElementsKit Pro for WordPress. The vulnerability is Local File Inclusion via the Price Menu, Hotspot, and Advanced Toggle widgets in all versions up to 3.6.0. An authenticated attacker with contributor-level access or higher can include and execute arbitrary PHP ...

8.8CVSS6.5AI score0.01063EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.3 views

WordPress Plugin ElementsKit Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.8AI score0.01063EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.7 views

PT-2024-26287 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server. This can be used to...

8.8CVSS7.8AI score0.01063EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/04/26 12:32 a.m.5 views

WordPress ElementsKit Pro plugin <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets vulnerability

Authenticated Contributor+ Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets vulnerability discovered by Webbernaut in WordPress Plugin ElementsKit Pro versions = 3.6.0...

8.8CVSS7AI score0.01063EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/26 12:0 a.m.12 views

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Local File Inclusion

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3500 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 23f884009c74 Credits Webbernaut Required privilege Contributor...

8.8CVSS6.8AI score0.01063EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/04/19 2:15 a.m.19 views

CVE-2024-3598

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.7AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2024/04/19 2:15 a.m.17 views

CVE-2024-3598

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.4CVSS6AI score0.00323EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/19 2:6 a.m.3 views

WordPress ElementsKit Pro plugin <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'ekitbtnid' vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin ElementsKit Pro versions = 3.6.0...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/19 1:57 a.m.17 views

CVE-2024-3598 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS6.1AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2024/04/19 1:57 a.m.62 views

CVE-2024-3598

CVE-2024-3598 affects ElementsKit Pro (WordPress) via a Stored Cross-Site Scripting flaw in the Creative Button widget. The issue, present in ElementsKit Pro versions up to 3.6.0, arises from insufficient input sanitization/output escaping for the ekit_btn_id attribute, enabling an authenticated ...

6.4CVSS5.7AI score0.00323EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/04/19 12:0 a.m.8 views

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3598 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cc1eab59b295 Credits Ngô Thiên An ancorn...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.3 views

WordPress Plugin ElementsKit Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS5.7AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.5 views

PT-2024-26818 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue is related to Stored Cross-Site Scripting in the Creative Button widget due to insufficient input sanitization and output escaping on user-suppli...

6.4CVSS5.9AI score0.00323EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/11/13 12:0 a.m.10 views

WordPress ElementsKit Pro Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.6.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-39993 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b8963eeda442 Credits Rafie Muhammad Patchsta...

4.3CVSS6.5AI score0.00296EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder