WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 5.6.2 is vulnerable to Cross Site Scripting (XSS)

Software The Plus Addons for Elementor Page Builder Lite Type Plugin Vulnerable versions = 5.6.2 Fixed in 5.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43977 Patch priority Low CVSS severity Low 6.5 Developer POSIMYTH Innovations PSID 3c992f51ea8a Credits...

WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.6.2...

VulnCheck KEV: CVE-2024-43932

Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through = 5.6.2...

CVE-2024-5583

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carouseldirection parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input...

WordPress plugin The Plus Addons for Elementor 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerabilit...

PT-2024-36590 · Elementor · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions up to, and including, 5.6.2 Description: The issue is related to Stored Cross-Site Scripting via the carousel direction parameter of the testimonials widget. This is due to insufficient input sanitizatio...

CVE-2024-6575

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘reswidthvalue’ parameter within the plugin's tppagescroll widget in all versions up to, and including, 5.6.2 due to...

CVE-2024-6575 The Plus Addons for Elementor <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘reswidthvalue’ parameter within the plugin's tppagescroll widget in all versions up to, and including, 5.6.2 due to...

CVE-2024-6575

The Plus Addons for Elementor (The Plus Addons for Elementor Page Builder) contains a Stored Cross‑Site Scripting (Stored XSS) flaw in the tp_page_scroll widget via the res_width_value parameter. Affected versions include all up to and including 5.6.2. Exploitation requires authentication at Cont...

CVE-2024-5763 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videodate attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient inpu...

WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Video Widget vulnerability discovered by João Pedro Soares de Alcântara in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.6.2...

WordPress plugin The Plus Addons for Elementor 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerabilit...

PT-2024-37130 · Elementor · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions up to, and including, 5.6.2 Description: The issue is related to Stored Cross-Site Scripting via the video date attribute within the plugin's Video widget due to insufficient input sanitization and outpu...

PT-2024-37731 · Elementor · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions up to, and including, 5.6.2 Description: The issue is related to Stored Cross-Site Scripting via the res width value parameter within the plugin's tp page scroll widget due to insufficient input...

WordPress The Plus Addons for Elementor plugin <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.6.1...

WordPress plugin The Plus Addons for Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 5.6.0 is vulnerable to Cross Site Scripting (XSS)

Software The Plus Addons for Elementor Page Builder Lite Type Plugin Vulnerable versions = 5.6.0 Fixed in 5.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4983 Patch priority Low CVSS severity Low 6.5 Developer POSIMYTH Innovations PSID...

CVE-2024-5455

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazinestyle' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-5455

CVE-2024-5455 affects The Plus Addons for Elementor Page Builder (WordPress). It allows Local File Inclusion via magazine_style in the Dynamic Smart Showcase widget, enabling authenticated attackers with Contributor+ access to include/execute arbitrary PHP files. Affected versions are up to 5.5.4...

CVE-2024-5455 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazinestyle' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level...