375 matches found
WordPress Qode Essential Addons plugin <= 1.6.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Qode Essential Addons versions = 1.6.3...
WordPress Qode Essential Addons Plugin <= 1.6.3 is vulnerable to Local File Inclusion
Software Qode Essential Addons Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-50457 Patch priority Low CVSS severity Low 7.5 Developer Qode Interactive PSID 91c64e17ca1a Credits João Pedro S Alcântara...
CVE-2021-4447
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers wi...
CVE-2021-4446
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform...
CVE-2021-4446 Essential Addons for Elementor <= 4.6.4 - Missing Authorization
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform...
WordPress plugin Essential Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
VulnCheck KEV: CVE-2021-4446
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...
PT-2024-11044 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to and including 4.6.4 Description: The issue is related to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created...
CVE-2024-8742 Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitizatio...
WordPress plugin Essential Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-39219 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 6.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget due to insufficient input sanitization an...
WordPress Essential Addons for Elementor plugin <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text Widget vulnerability discovered by Robert DeVore in WordPress Plugin Essential Addons for Elementor versions = 6.0.3...
CVE-2024-8440
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output...
WordPress plugin Essential Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-7092
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomoreitemstext’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output...
WordPress plugin Essential Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Essential Addons for Elementor Plugin < 5.9.18 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; ifdescription...
WordPress Essential Addons for Elementor Plugin < 5.8.15 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; ifdescription...
CVE-2024-39649
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.26...
CVE-2024-39649
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite.This issue affects Essential Addons for Elementor: from n/a through = 5.9.26...