CVE-2024-13548

The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-13548

CVE-2024-13548 concerns the WordPress plugin Power Ups for Elementor. The vulnerability is a Stored Cross-Site Scripting flaw in the plugin’s shortcodes (notably the 'magic-button') present in all versions up to 1.2.2, caused by insufficient input sanitization and output escaping on user-supplied...

CVE-2024-13548 Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Power Ups for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress Power Ups for Elementor Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Power Ups for Elementor Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5f90ede97ce0 Credits Rafie Muhammad Patchstack...

WordPress Power Ups for Elementor plugin <= 1.2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Power Ups for Elementor plugin versions = 1.2.1. Solution Update the WordPress Power Ups for Elementor plugin to the latest available version at least 1.2.2...

WordPress Power Ups for Elementor plugin <= 1.2.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Power Ups for Elementor plugin versions = 1.2.1. Solution Update the WordPress Power Ups for Elementor plugin to the latest available version at least 1.2.2...