Lucene search
K

92 matches found

OSV
OSV
added 2024/04/09 7:15 p.m.8 views

CVE-2024-2492

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.0036EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/09 6:58 p.m.11 views

CVE-2024-2492 PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.0036EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/09 6:58 p.m.30 views

CVE-2024-2492 PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.0036EPSS
Exploits0References2
CVE
CVE
added 2024/04/09 6:58 p.m.64 views

CVE-2024-2492

CVE-2024-2492 affects PowerPack Addons for Elementor (WordPress). The issue is a stored cross-site scripting (XSS) flaw in the Twitter Tweet widget present in all versions up to 2.7.18, caused by insufficient input sanitization and output escaping. With contributor-level (or higher) access, an au...

6.4CVSS7.6AI score0.0036EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.8 views

PT-2024-20663 · WordPress · Powerpack Addons For Elementor

Name of the Vulnerable Software and Affected Versions: PowerPack Addons for Elementor plugin for WordPress versions up to and including 2.7.18 Description: The issue is related to Stored Cross-Site Scripting via the Twitter Tweet widget due to insufficient input sanitization and output escaping...

6.4CVSS8AI score0.0036EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.4 views

WordPress Plugin PowerPack Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS7.7AI score0.0036EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/01 5:15 a.m.7 views

WordPress PowerPack Addons for Elementor plugin <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via *_html_tag* vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via htmltag vulnerability discovered by wesley wcraft in WordPress Plugin PowerPack Addons for Elementor versions = 2.7.17...

6.4CVSS6.5AI score0.0034EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/01 5:15 a.m.5 views

WordPress PowerPack Addons for Elementor plugin <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Tweet Widget vulnerability discovered by wesley wcraft in WordPress Plugin PowerPack Addons for Elementor versions = 2.7.18...

6.4CVSS6.5AI score0.0036EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/01 12:0 a.m.14 views

WordPress PowerPack Addons for Elementor Plugin <= 2.7.17 is vulnerable to Cross Site Scripting (XSS)

Software PowerPack Addons for Elementor Type Plugin Vulnerable versions = 2.7.17 Fixed in 2.7.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2491 Patch priority Low CVSS severity Low 6.5 Developer IdeaBox Creations PSID e7ac7cb26530 Credits wesle...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/03/30 10:15 a.m.31 views

CVE-2024-2491

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmltag attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References2
OSV
OSV
added 2024/03/30 10:15 a.m.5 views

CVE-2024-2491

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmltag attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS7.4AI score0.0034EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/30 12:0 a.m.5 views

WordPress Plugin PowerPack Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.4CVSS7.5AI score0.0034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/30 12:0 a.m.9 views

PT-2024-20660 · WordPress · Powerpack Addons For Elementor

Name of the Vulnerable Software and Affected Versions: PowerPack Addons for Elementor plugin for WordPress versions up to, and including, 2.7.17 Description: The issue is related to Stored Cross-Site Scripting via the html tag attribute of multiple widgets due to insufficient input sanitization a...

6.4CVSS7.9AI score0.0034EPSS
Exploits0References5
OSV
OSV
added 2024/02/29 1:43 a.m.6 views

CVE-2024-1411

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS7.4AI score0.00423EPSS
Exploits0References2
Prion
Prion
added 2024/02/29 1:43 a.m.31 views

Cross site scripting

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.5CVSS6.1AI score0.00423EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.5 views

WordPress Plugin PowerPack Addons for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.4CVSS5.9AI score0.00423EPSS
Exploits0References3
NVD
NVD
added 2024/02/21 7:15 a.m.27 views

CVE-2024-24843

Cross-Site Request Forgery CSRF vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8...

8.8CVSS7AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2024/02/21 7:7 a.m.96 views

CVE-2024-24843

CVE-2024-24843 is a CSRF vulnerability in PowerPack Pro for Elementor (PowerPack Addons for Elementor) affecting versions before 2.10.8. Exploitation could allow unauthorized changes to plugin settings (and associated XSS impact per patched disclosure). The fix is to upgrade to PowerPack Pro for ...

8.8CVSS7.5AI score0.0022EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.2 views

WordPress Plugin PowerPack Addons for Elementor Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS6.7AI score0.0022EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/20 6:56 p.m.15 views

CVE-2024-1411 PowerPack Addons for Elementor <= 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS7AI score0.00423EPSS
Exploits0References2
Rows per page
Query Builder