Lucene search
K

65 matches found

Patchstack
Patchstack
added 2024/04/15 12:40 p.m.5 views

WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Friday Patchstack Alliance in WordPress Plugin Mega Addons For Elementor versions = 1.8...

5.4CVSS7AI score0.00387EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/02/29 5:15 a.m.4 views

CVE-2023-51529

Cross-Site Request Forgery CSRF vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3...

8.8CVSS7.3AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.6 views

WordPress Plugin HT Mega - Absolute Addons For Elementor Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin HT Mega - Absolute Addons For Elementor...

8.8CVSS6.7AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2023/05/08 2:15 p.m.5 views

CVE-2023-0268

The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS6.7AI score0.00444EPSS
Exploits2References1
NVD
NVD
added 2023/05/08 2:15 p.m.56 views

CVE-2023-0268

The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS5.3AI score0.00444EPSS
Exploits2References1
CVE
CVE
added 2023/05/08 1:58 p.m.72 views

CVE-2023-0268

CVE-2023-0268 affects Mega Addons For WPBakery Page Builder for WordPress, specifically versions prior to 4.3.0. Root cause: the plugin does not validate/escape certain shortcode attributes before echoing them, enabling Stored XSS when the shortcode is rendered on a page by users with contributor...

5.4CVSS5.5AI score0.00444EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.19 views

WordPress plugin Mega Addons For WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00444EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/04/25 12:0 a.m.20 views

WordPress Mega Addons For WPBakery Page Builder Plugin <= 4.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Mega Addons For WPBakery Page Builder Type Plugin Vulnerable versions = 4.2.7 Fixed in 4.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0268 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f4952c1a005f...

5.4CVSS5.9AI score0.00444EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/17 12:0 a.m.52 views

Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC vctestimonial link='target:"...

5.4CVSS5.4AI score0.00444EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/04/17 12:0 a.m.139 views

Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. vctestimonial link='target:"...

5.4CVSS5.6AI score0.00444EPSS
Exploits2
OSV
OSV
added 2022/12/14 9:15 p.m.6 views

CVE-2022-4501

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

6.5CVSS5.8AI score0.00692EPSS
Exploits0References2
Prion
Prion
added 2022/12/14 9:15 p.m.18 views

Authorization

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

4CVSS6.2AI score0.00692EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/14 8:38 p.m.29 views

CVE-2022-4501 Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

7.1CVSS6.9AI score0.00692EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/12/14 8:38 p.m.12 views

CVE-2022-4501 Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

7.1CVSS6.6AI score0.00692EPSS
Exploits0References2
CVE
CVE
added 2022/12/14 8:38 p.m.53 views

CVE-2022-4501

The CVE-2022-4501 entry concerns the Mega Addons plugin for WordPress, where an authorization bypass exists due to a missing capability check in the vc_saving_data function up to version 4.2.7. This allows authenticated users with subscriber-level permissions and above to update plugin settings. ...

7.1CVSS6.6AI score0.00692EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.19 views

WordPress plugin Mega Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.1CVSS6.5AI score0.00692EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/14 12:0 a.m.9 views

PT-2022-27365 · WordPress · Mega Addons

Name of the Vulnerable Software and Affected Versions: Mega Addons plugin for WordPress versions up to, and including, 4.2.7 Description: The issue is related to authorization bypass due to a missing capability check on the vc saving data function. This allows authenticated attackers with...

7.1CVSS6.2AI score0.00692EPSS
Exploits0References5
NVD
NVD
added 2022/09/23 2:15 p.m.16 views

CVE-2022-36798

Cross-Site Request Forgery CSRF vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin = 4.2.7 at WordPress...

8.8CVSS0.00289EPSS
Exploits0References2
OSV
OSV
added 2022/09/23 2:15 p.m.4 views

CVE-2022-36798

Cross-Site Request Forgery CSRF vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin = 4.2.7 at WordPress...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References2
Prion
Prion
added 2022/09/23 2:15 p.m.14 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin = 4.2.7 at WordPress...

6.8CVSS8.8AI score0.00289EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder