
295 matches found

Vulnrichment
added 2023/03/07 2:16 p.m. · 7 views

CVE-2021-4332 The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read

The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the...

6.5 CVSS · 6.8 AI score · 0.00796 EPSS
Exploits: 0 · References: 2
Cvelist
added 2023/03/07 2:16 p.m. · 26 views

CVE-2021-4332 The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read

The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the...

6.5 CVSS · 6.6 AI score · 0.00796 EPSS
Exploits: 0 · References: 2
CVE
added 2023/03/07 2:16 p.m. · 41 views

CVE-2021-4332

The CVE-2021-4332 entry concerns the WordPress plugin Plus Addons for Elementor. Affected versions are Pro up to 4.1.9 and free up to 2.0.6. The vulnerability is an arbitrary file read caused by the plugin using file_get_contents on an SVG file without validating the file type, allowing a user wi...

6.5 CVSS · 6.3 AI score · 0.00796 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2023/03/07 2:7 p.m. · 7 views

CVE-2021-4331 The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Privilege Escalation

The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin adds a registration form to the Elementor page builder's functionality. As part of the registration form, users can choose which role to se...

8.8 CVSS · 7.1 AI score · 0.00885 EPSS
Exploits: 0 · References: 2
CVE
added 2023/03/07 2:7 p.m. · 43 views

CVE-2021-4331

CVE-2021-4331 – Plus Addons for Elementor (WordPress) is a privilege-escalation flaw in versions up to 4.1.9 (pro) and 2.0.6 (free). The plugin’s registration form exposes the default user role setting to lower-privilege users (e.g., contributors) who can select administrator as default, enabling...

8.8 CVSS · 8.6 AI score · 0.00885 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2023/03/07 12:0 a.m. · 4 views

WordPress plugin Plus Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8 CVSS · 7.9 AI score · 0.00885 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2023/03/07 12:0 a.m. · 4 views

PT-2023-12427 · WordPress · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including 4.1.9 pro and 2.0.6 free. Description: The plugin is vulnerable to privilege escalation due to a registration form that allows users to choose the default role fo...

8.8 CVSS · 8.7 AI score · 0.00885 EPSS
Exploits: 0 · References: 7
CNNVD
added 2023/03/07 12:0 a.m. · 4 views

WordPress plugin Plus Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

6.5 CVSS · 6.7 AI score · 0.00796 EPSS
Exploits: 0 · References: 3
OSV
added 2022/01/10 4:15 p.m. · 3 views

CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...

7.5 CVSS · 5.8 AI score · 0.01815 EPSS
Exploits: 2 · References: 2
Cvelist
added 2022/01/10 3:30 p.m. · 18 views

CVE-2021-24948 The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...

7.8 AI score · 0.01815 EPSS
Exploits: 2 · References: 2
CVE
added 2022/01/10 3:30 p.m. · 45 views

CVE-2021-24948

The CVE affects The Plus Addons for Elementor Pro (WordPress) up to version 5.0.6. The tp_get_dl_post_info_ajax action does not validate the qvquery parameter, allowing unauthenticated users to retrieve sensitive data such as private and draft posts. Public CVSS metrics indicate high impact (CVSS...

7.5 CVSS · 7.6 AI score · 0.01815 EPSS
Exploits: 2 · References: 2 · Affected Software: 1
CNNVD
added 2022/01/10 12:0 a.m. · 6 views

WordPress plugin Plus Addons for Elementor - Pro injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An injection vulnerability exists i...

7.5 CVSS · 7.4 AI score · 0.01815 EPSS
Exploits: 2 · References: 3
CNNVD
added 2022/01/10 12:0 a.m. · 4 views

WordPress plugin The Plus Addons for Elementor SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability previously...

9.8 CVSS · 8.6 AI score · 0.01704 EPSS
Exploits: 2 · References: 3
Patchstack
added 2021/12/13 12:0 a.m. · 25 views

WordPress The Plus Addons for Elementor Pro premium plugin <= 5.0.6 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Nicolas Vidal from TEHTRIS in WordPress The Plus Addons for Elementor Pro premium plugin versions <= 5.0.6. Solution: Update the WordPress The Plus Addons for Elementor Pro premium plugin to the latest available version (at least 5.0.7)...

9.8 CVSS · 2.6 AI score · 0.01704 EPSS
Exploits: 2 · References: 3 · Affected Software: 1
wpexploit
added 2021/12/13 12:0 a.m. · 114 views

The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection

The "WP Search Filters" widget of the plugin does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection. The request requires a nonce created with wp_create_nonce("theplus-searchfilter"), which can be retrieved from a page where the widget is...

9.8 CVSS · 0.2 AI score · 0.01704 EPSS
Exploits: 2 · References: 1
CNVD
added 2021/06/16 12:0 a.m. · 10 views

Unspecified vulnerability in Plus Addons for Elementor Page Builder WordPress plugin (CNVD-2021-44293)

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in Plus Addons for Elementor Page Builder WordPress plugin versions...

5.3 CVSS · 7 AI score · 0.0111 EPSS
Exploits: 2 · References: 1
CNVD
added 2021/06/16 12:0 a.m. · 8 views

Unspecified Vulnerability in Plus Addons for Elementor Page Builder WordPress plugin

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the Plus Addons for Elementor Page Builder WordPress plugin prior...

6.1 CVSS · 6.6 AI score · 0.02295 EPSS
Exploits: 2 · References: 1
NVD
added 2021/06/14 2:15 p.m. · 17 views

CVE-2021-24358

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue...

6.1 CVSS · 0.02295 EPSS
Exploits: 2 · References: 2
OSV
added 2021/06/14 2:15 p.m. · 1 views

CVE-2021-24351

The theplusmorepost AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable on both unauthenticated and authenticated users...

6.1 CVSS · 5.8 AI score
Exploits: 0 · References: 2
Cvelist
added 2021/06/14 1:37 p.m. · 18 views

CVE-2021-24358 The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue...

6 AI score · 0.02295 EPSS
Exploits: 2 · References: 2