57 matches found
WordPress plugin Elfsight Testimonials Slider 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...
WordPress plugin Elfsight Testimonials Slider 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
CVE-2025-26561
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elfsight Elfsight Yottie Lite yottie-lite allows Stored XSS.This issue affects Elfsight Yottie Lite: from n/a through = 1.3.3...
CVE-2025-26561
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elfsight Elfsight Yottie Lite yottie-lite allows Stored XSS.This issue affects Elfsight Yottie Lite: from n/a through = 1.3.3...
CVE-2025-26561
CVE-2025-26561 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Elfsight Yottie Lite (affected versions
CVE-2025-26561 WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elfsight Elfsight Yottie Lite allows Stored XSS. This issue affects Elfsight Yottie Lite: from n/a through 1.3.3...
CVE-2025-26561 WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elfsight Elfsight Yottie Lite yottie-lite allows Stored XSS.This issue affects Elfsight Yottie Lite: from n/a through = 1.3.3...
WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khang Duong in WordPress Plugin Elfsight Yottie Lite versions = 1.3.3...
PT-2025-7189
Name of the Vulnerable Software and Affected Versions: Elfsight Yottie Lite versions 1.3.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject malicio...
CVE-2024-10390
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390
CVE-2024-10390 affects the Elfsight Telegram Chat CC WordPress plugin (versions up to and including 1.1.0). The issue is a missing capability check in updatePreferences, enabling authenticated attackers with subscriber-level access and above to inject arbitrary scripts into pages, executed when a...
WordPress Elfsight Telegram Chat CC plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by István Márton in WordPress Plugin Elfsight Telegram Chat CC versions = 1.1.0...
PT-2024-16240 · Elfsight · Elfsight Telegram Chat Cc
Name of the Vulnerable Software and Affected Versions: Elfsight Telegram Chat CC plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to a missing capability check on the updatePreferences function, allowing authenticated attackers with subscriber-level acce...
WordPress Elfsight Telegram Chat CC Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Elfsight Telegram Chat CC Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10390 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 79fba1da063a Credits István...
WordPress plugin Elfsight Telegram Chat CC 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...