4 matches found
WordPress Mega Elements plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer Widget vulnerability discovered by zer0gh0st in WordPress Plugin Mega Elements versions = 1.3.2...
WordPress Mega Elements Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software Mega Elements Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47343 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1be74e6ef4a6 Credits João Pedro S Alcântara Kinorth Required...
WordPress Mega Elements Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Mega Elements Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37466 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2dbf20c7c841 Credits João Pedro S Alcântara Kinorth Required...
CVE-2024-4702
CVE-2024-4702 refers to a Stored Cross-Site Scripting flaw in the Mega Elements – Addons for Elementor WordPress plugin. The issue arises in the Button widget, due to insufficient input sanitization and output escaping on user-supplied attributes, enabling an attacker with contributor-level acces...