Lucene search
K

26 matches found

EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42861

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
CVE
CVE
added 4 days ago10 views

CVE-2026-13710

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the Image Box widget’s sg_body_description parameter, affecting versions up to 3.2.6. The issue stems from insufficient input sanitization and...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/02/02 7:28 p.m.8 views

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Box Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

6.4CVSS8.3AI score0.00423EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-27147

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00423EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.3 views

CVE-2024-3074

The Elementor ImageBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image box widget in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.6 views

CVE-2024-1327

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-lev...

6.4CVSS5AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:37 a.m.8 views

CVE-2024-4370

The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.7 views

PT-2024-29756 · WordPress · Themesflat Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting in the Themesflat Addons For Elementor plugin for WordPress. This is due to insufficien...

6.4CVSS6.1AI score0.00425EPSS
Exploits0References16
Cvelist
Cvelist
added 2024/05/14 11:31 p.m.38 views

CVE-2024-4370 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget

The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6.3AI score0.0042EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/05/14 11:56 a.m.5 views

WordPress WPZOOM Addons for Elementor (Templates, Widgets) plugin <= 1.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Box Widget vulnerability discovered by stealthcopter in WordPress Plugin WPZOOM Addons for Elementor versions = 1.1.36...

6.4CVSS5.8AI score0.0042EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.3 views

WordPress plugin WPZOOM Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS5.9AI score0.0042EPSS
Exploits0References6
OSV
OSV
added 2024/04/09 7:15 p.m.4 views

CVE-2024-2185

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00423EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/09 6:58 p.m.12 views

CVE-2024-2185 Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.00423EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.5 views

WordPress Plugin Beaver Builder Addons by WPZOOM 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress...

6.4CVSS7.7AI score0.00423EPSS
Exploits0References3
NVD
NVD
added 2024/04/03 3:15 a.m.22 views

CVE-2024-1327

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-lev...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/03 12:0 a.m.4 views

WordPress Plugin Jeg Elementor Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS8AI score0.0032EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.19 views

Beaver Builder Addons by WPZOOM < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget

Description The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/07 12:0 a.m.6 views

PT-2024-3147 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's image box widget due to insufficient input sanitization and output escaping. This...

6.4CVSS8AI score0.0032EPSS
Exploits0References9
OSV
OSV
added 2021/04/05 7:15 p.m.3 views

CVE-2021-24206

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

5.4CVSS5.8AI score0.00746EPSS
Exploits2References2
Prion
Prion
added 2021/04/05 7:15 p.m.18 views

Design/Logic Flaw

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

3.5CVSS5.5AI score0.00746EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder