Lucene search
K

57 matches found

CNNVD
CNNVD
added 2025/03/31 12:0 a.m.3 views

WordPress plugin Elfsight Testimonials Slider 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...

5.9CVSS7.4AI score0.00249EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.3 views

WordPress plugin Elfsight Testimonials Slider 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

5.4CVSS8.1AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/15 2:27 p.m.6 views

CVE-2025-26561

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elfsight Elfsight Yottie Lite yottie-lite allows Stored XSS.This issue affects Elfsight Yottie Lite: from n/a through = 1.3.3...

5.9CVSS7.2AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2025/02/13 2:16 p.m.7 views

CVE-2025-26561

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elfsight Elfsight Yottie Lite yottie-lite allows Stored XSS.This issue affects Elfsight Yottie Lite: from n/a through = 1.3.3...

5.9CVSS0.00202EPSS
Exploits0References1
CVE
CVE
added 2025/02/13 1:52 p.m.50 views

CVE-2025-26561

CVE-2025-26561 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Elfsight Yottie Lite (affected versions

5.9CVSS7.2AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/13 1:52 p.m.3 views

CVE-2025-26561 WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elfsight Elfsight Yottie Lite allows Stored XSS. This issue affects Elfsight Yottie Lite: from n/a through 1.3.3...

5.9CVSS5.7AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/13 1:52 p.m.14 views

CVE-2025-26561 WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elfsight Elfsight Yottie Lite yottie-lite allows Stored XSS.This issue affects Elfsight Yottie Lite: from n/a through = 1.3.3...

5.9CVSS0.00202EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/13 12:47 p.m.5 views

WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khang Duong in WordPress Plugin Elfsight Yottie Lite versions = 1.3.3...

5.9CVSS6.1AI score0.00202EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.9 views

PT-2025-7189

Name of the Vulnerable Software and Affected Versions: Elfsight Yottie Lite versions 1.3.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject malicio...

5.9CVSS8.4AI score0.00202EPSS
Exploits0References5
NVD
NVD
added 2024/11/18 5:15 p.m.13 views

CVE-2024-10390

The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...

6.4CVSS0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/18 4:31 p.m.20 views

CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...

6.4CVSS0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/18 4:31 p.m.11 views

CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...

6.4CVSS6.8AI score0.0024EPSS
Exploits0References2
CVE
CVE
added 2024/11/18 4:31 p.m.55 views

CVE-2024-10390

CVE-2024-10390 affects the Elfsight Telegram Chat CC WordPress plugin (versions up to and including 1.1.0). The issue is a missing capability check in updatePreferences, enabling authenticated attackers with subscriber-level access and above to inject arbitrary scripts into pages, executed when a...

6.4CVSS6.2AI score0.0024EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/18 4:51 a.m.4 views

WordPress Elfsight Telegram Chat CC plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by István Márton in WordPress Plugin Elfsight Telegram Chat CC versions = 1.1.0...

6.4CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.5 views

PT-2024-16240 · Elfsight · Elfsight Telegram Chat Cc

Name of the Vulnerable Software and Affected Versions: Elfsight Telegram Chat CC plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to a missing capability check on the updatePreferences function, allowing authenticated attackers with subscriber-level acce...

6.4CVSS9.2AI score0.0024EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/11/18 12:0 a.m.16 views

WordPress Elfsight Telegram Chat CC Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Elfsight Telegram Chat CC Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10390 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 79fba1da063a Credits István...

6.4CVSS5.6AI score0.0024EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.3 views

WordPress plugin Elfsight Telegram Chat CC 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

6.4CVSS7.9AI score0.0024EPSS
Exploits0References2
Rows per page
Query Builder