65 matches found
WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Friday Patchstack Alliance in WordPress Plugin Mega Addons For Elementor versions = 1.8...
CVE-2023-51529
Cross-Site Request Forgery CSRF vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3...
WordPress Plugin HT Mega - Absolute Addons For Elementor Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin HT Mega - Absolute Addons For Elementor...
CVE-2023-0268
The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0268
The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0268
CVE-2023-0268 affects Mega Addons For WPBakery Page Builder for WordPress, specifically versions prior to 4.3.0. Root cause: the plugin does not validate/escape certain shortcode attributes before echoing them, enabling Stored XSS when the shortcode is rendered on a page by users with contributor...
WordPress plugin Mega Addons For WPBakery Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Mega Addons For WPBakery Page Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)
Software Mega Addons For WPBakery Page Builder Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0268 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f4952c1a005f...
Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC vctestimonial link='target:"...
Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. vctestimonial link='target:"...
CVE-2022-4501
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...
Authorization
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...
CVE-2022-4501 Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...
CVE-2022-4501 Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...
CVE-2022-4501
The CVE-2022-4501 entry concerns the Mega Addons plugin for WordPress, where an authorization bypass exists due to a missing capability check in the vc_saving_data function up to version 4.2.7. This allows authenticated users with subscriber-level permissions and above to update plugin settings. ...
WordPress plugin Mega Addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2022-27365 · WordPress · Mega Addons
Name of the Vulnerable Software and Affected Versions: Mega Addons plugin for WordPress versions up to, and including, 4.2.7 Description: The issue is related to authorization bypass due to a missing capability check on the vc saving data function. This allows authenticated attackers with...
CVE-2022-36798
Cross-Site Request Forgery CSRF vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin = 4.2.7 at WordPress...
CVE-2022-36798
Cross-Site Request Forgery CSRF vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin = 4.2.7 at WordPress...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin = 4.2.7 at WordPress...