9 matches found
CVE-2025-8689
CVE-2025-8689 : Elements Plus! for WordPress is vulnerable to Stored Cross‑Site Scripting in versions up to 2.16.4 via the plugin’s Image Comparison, HotSpot Plus, and Google Maps widgets. An authenticated attacker with contributor+ privileges can inject scripts that execute when users load an in...
CVE-2025-7845 Stratum – Elementor Widgets <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2024-13642
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Stratum plugin <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget vulnerability discovered by zer0gh0st in WordPress Plugin Stratum versions = 1.4.7...
CVE-2024-13642 Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13642
The CVE refers to WordPress Stratum – Elementor Widgets (Stratum) plugin, vulnerable to Stored Cross-Site Scripting via the Image Hotspot widget. The issue exists in all versions up to and including 1.4.7 and stems from insufficient input sanitization and output escaping on user-supplied attribut...
CVE-2024-3500
The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...
PT-2024-26287 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server. This can be used to...
WordPress ElementsKit Pro plugin <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets vulnerability
Authenticated Contributor+ Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets vulnerability discovered by Webbernaut in WordPress Plugin ElementsKit Pro versions = 3.6.0...