Lucene search
K

375 matches found

Patchstack
Patchstack
added 2024/10/24 10:16 a.m.5 views

WordPress Qode Essential Addons plugin <= 1.6.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Qode Essential Addons versions = 1.6.3...

8.8CVSS7AI score0.00543EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.13 views

WordPress Qode Essential Addons Plugin <= 1.6.3 is vulnerable to Local File Inclusion

Software Qode Essential Addons Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-50457 Patch priority Low CVSS severity Low 7.5 Developer Qode Interactive PSID 91c64e17ca1a Credits João Pedro S Alcântara...

7.5CVSS7.6AI score0.00543EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/10/16 7:15 a.m.3 views

CVE-2021-4447

The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers wi...

8.8CVSS5.7AI score0.00444EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 7:15 a.m.4 views

CVE-2021-4446

The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform...

4.3CVSS5.8AI score0.00252EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/16 6:43 a.m.14 views

CVE-2021-4446 Essential Addons for Elementor <= 4.6.4 - Missing Authorization

The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform...

6.3CVSS6.8AI score0.00252EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.3 views

WordPress plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS7AI score0.00444EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-4446

The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...

6.3CVSS5.7AI score0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.4 views

PT-2024-11044 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to and including 4.6.4 Description: The issue is related to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created...

8.8CVSS7AI score0.00444EPSS
Exploits0References10
Cvelist
Cvelist
added 2024/09/13 6:47 a.m.27 views

CVE-2024-8742 Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitizatio...

6.4CVSS0.00354EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.3 views

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.9AI score0.00354EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/13 12:0 a.m.7 views

PT-2024-39219 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 6.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget due to insufficient input sanitization an...

6.4CVSS6AI score0.00354EPSS
Exploits0References10
Patchstack
Patchstack
added 2024/09/11 11:11 p.m.5 views

WordPress Essential Addons for Elementor plugin <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text Widget vulnerability discovered by Robert DeVore in WordPress Plugin Essential Addons for Elementor versions = 6.0.3...

6.4CVSS5.8AI score0.00363EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/09/11 7:15 a.m.6 views

CVE-2024-8440

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output...

5.4CVSS5.9AI score0.00363EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/11 12:0 a.m.3 views

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.9AI score0.00363EPSS
Exploits0References5
OSV
OSV
added 2024/08/13 5:15 a.m.7 views

CVE-2024-7092

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomoreitemstext’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output...

5.4CVSS5.9AI score0.00416EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.3 views

WordPress plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.5AI score0.00416EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2024/08/02 12:0 a.m.9 views

WordPress Essential Addons for Elementor Plugin < 5.9.18 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; ifdescription...

6.4CVSS6.3AI score0.00602EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/08/02 12:0 a.m.16 views

WordPress Essential Addons for Elementor Plugin < 5.8.15 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; ifdescription...

6.4CVSS6AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2024/08/01 10:15 p.m.1 views

CVE-2024-39649

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.26...

5.4CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2024/08/01 10:15 p.m.12 views

CVE-2024-39649

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite.This issue affects Essential Addons for Elementor: from n/a through = 5.9.26...

6.5CVSS0.00279EPSS
Exploits0References1
Rows per page
Query Builder