WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via LaStudioKit Post Author Widget vulnerability discovered by Abu Hurayra in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.3.7.5...

CVE-2024-3005

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's LaStudioKit Post Author widget in all versions up to, and including, 1.3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

WordPress plugin LA-Studio Element Kit for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-23183 · WordPress · La-Studio Element Kit

Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to, and including, 1.3.7.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's LaStudioKit Post Author widget due to insufficient input...