295 matches found
CVE-2021-4332 The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the...
CVE-2021-4332
The CVE-2021-4332 entry concerns the WordPress plugin Plus Addons for Elementor. Affected versions are Pro up to 4.1.9 and free up to 2.0.6. The vulnerability is an arbitrary file read caused by the plugin using file_get_contents on an SVG file without validating the file type, allowing a user wi...
CVE-2021-4331 The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Privilege Escalation
The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin adds a registration form to the Elementor page builder's functionality. As part of the registration form, users can choose which role to se...
CVE-2021-4331
CVE-2021-4331 – Plus Addons for Elementor (WordPress) is a privilege-escalation flaw in versions up to 4.1.9 (pro) and 2.0.6 (free). The plugin’s registration form exposes the default user role setting to lower-privilege users (e.g., contributors) who can select administrator as default, enabling...
WordPress plugin Plus Addons for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-12427 · WordPress · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including 4.1.9 pro and 2.0.6 free Description: The plugin is vulnerable to privilege escalation due to a registration form that allows users to choose the default role fo...
WordPress plugin Plus Addons for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2021-24948
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...
CVE-2021-24948 The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...
CVE-2021-24948
The CVE affects The Plus Addons for Elementor Pro (WordPress) up to version 5.0.6. The tp_get_dl_post_info_ajax action does not validate the qvquery parameter, allowing unauthenticated users to retrieve sensitive data such as private and draft posts. Public CVSS metrics indicate high impact (CVSS...
WordPress plugin Plus Addons for Elementor - Pro injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An injection vulnerability exists i...
WordPress plugin The Plus Addons for Elementor SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability previously...
WordPress The Plus Addons for Elementor Pro premium plugin <= 5.0.6 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Nicolas Vidal from TEHTRIS in WordPress The Plus Addons for Elementor Pro premium plugin (versions <= 5.0.6). Solution: Update the WordPress The Plus Addons for Elementor Pro premium plugin to the latest available version (at least 5.0.7)...
The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection
The "WP Search Filters" widget of the plugin does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. The request requires a nonce (created with wp_create_nonce("theplus-searchfilter")) which can be retrieved from a page where the widget is...
Unspecified vulnerability in Plus Addons for Elementor Page Builder WordPress plugin (CNVD-2021-44293)
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in Plus Addons for Elementor Page Builder WordPress plugin versions...
Unspecified Vulnerability in Plus Addons for Elementor Page Builder WordPress plugin
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the Plus Addons for Elementor Page Builder WordPress plugin prior...
CVE-2021-24358
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue...
CVE-2021-24351
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable on both unauthenticated and authenticated users...
CVE-2021-24358 The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue...