WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget vulnerability

WordPress HT Mega - Absolute Addons For Elementor plugin = 2.4.6 - Authenticated Contributor+ Stored Cross-Site Scripting via Lightbox Widget vulnerability discovered by wesley wcraft in WordPress Plugin HT Mega versions = 2.4.6...

EUVD-2024-46795

Malicious code in bioql PyPI...

EUVD-2024-50359

Malicious code in bioql PyPI...

CVE-2024-9058

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...

CVE-2024-9058

CVE-2024-9058 is a stored XSS in the Lightbox widget of the WordPress plugin “Element Pack Elementor Addons” (bdthemes-element-pack-lite/Element Pack Addons for Elementor). The issue exists in all versions up to and including 5.10.5 and is exploitable by authenticated users with Contributor-level...

CVE-2024-9058 Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...

PT-2024-39394 · Elementor · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: Element Pack Elementor Addons versions up to 5.10.5 Description: The issue is related to stored cross-site scripting via the Lightbox widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

WordPress Element Pack Elementor Addons plugin <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Lightbox Widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.5...

CVE-2024-5612

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eaellightboxopenbtnicon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This mak...

WordPress Essential Addons for Elementor Pro plugin <= 5.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Lightbox and Modal Widget vulnerability discovered by wesley wcraft in WordPress Plugin Essential Addons for Elementor Pro versions = 5.8.15...

PT-2024-36719 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor Pro plugin for WordPress versions up to, and including, 5.8.15 Description: The issue is related to Stored Cross-Site Scripting via the eael lightbox open btn icon parameter within the Lightbox & Modal widge...

CVE-2024-2084

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

PT-2024-18748 · WordPress · Ht Mega – Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.4.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's lightbox widget due to insufficient input sanitization and...

WordPress plugin HT Mega 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

HT Mega < 2.4.7 - Contributor+ Stored XSS via Lightbox Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...