Lucene search
K

177 matches found

Vulnrichment
Vulnrichment
added 2025/08/06 3:41 a.m.3 views

CVE-2025-7498 Exclusive Addons for Elementor <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.5AI score0.00217EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.4 views

WordPress plugin Exclusive Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Exclusive Addons For Elementor, which stems from insufficient input cleanup and escaping, and can be exploited by a...

6.4CVSS6.1AI score0.00217EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/28 11:46 p.m.5 views

CVE-2025-4783

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS4.9AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2025/05/27 12:15 a.m.12 views

CVE-2025-4783

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00232EPSS
Exploits0References2
OSV
OSV
added 2025/05/27 12:15 a.m.5 views

CVE-2025-4783

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/26 11:22 p.m.15 views

CVE-2025-4783 Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.4 views

WordPress plugin Exclusive Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS6AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/26 12:0 a.m.5 views

PT-2025-22909 · WordPress · Exclusive Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.7.9.1 Description: The issue is related to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget due to insufficient input...

6.4CVSS5.8AI score0.00232EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 10:14 a.m.28 views

CVE-2024-32557

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2...

6.5CVSS5.2AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:3 a.m.8 views

CVE-2024-30177

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8...

6.5CVSS8.6AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:23 a.m.3 views

CVE-2024-5332

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.3 views

CVE-2024-3985

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS6AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:14 a.m.2 views

CVE-2024-30232

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9...

6.5CVSS8.6AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.7 views

CVE-2024-10312

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

4.3CVSS6.5AI score0.00426EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.8 views

CVE-2024-33914

Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1...

9.8CVSS5.2AI score0.00422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:38 a.m.10 views

CVE-2024-4618

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for...

6.4CVSS5.8AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:47 a.m.8 views

CVE-2024-49292

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Strifler Exclusive Addons Elementor exclusive-addons-for-elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through = 2.7.1...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.9 views

CVE-2025-48244

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Strifler Exclusive Addons Elementor exclusive-addons-for-elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through = 2.7.9...

5.9CVSS5.9AI score0.00274EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/19 4:28 p.m.6 views

WordPress Exclusive Addons Elementor plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Exclusive Addons Elementor versions = 2.7.9...

5.9CVSS6AI score0.00274EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/05/19 3:15 p.m.11 views

CVE-2025-48244

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Strifler Exclusive Addons Elementor exclusive-addons-for-elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through = 2.7.9...

5.9CVSS0.00274EPSS
Exploits0References1
Rows per page
Query Builder