Lucene search
+L

386 matches found

NVD
NVD
added 2024/03/15 7:15 a.m.25 views

CVE-2024-2399

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.7AI score0.00408EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/15 6:48 a.m.15 views

CVE-2024-2399

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS5.7AI score0.00408EPSS
Exploits0References3
CVE
CVE
added 2024/03/15 6:48 a.m.81 views

CVE-2024-2399

CVE-2024-2399 affects the Premium Addons for Elementor plugin for WordPress. It is a Stored XSS vulnerability via widget attributes caused by insufficient input sanitization and output escaping in versions up to and including 4.10.23. Exploitation requires an authenticated attacker with contribut...

6.4CVSS7.4AI score0.00408EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/03/15 6:48 a.m.31 views

CVE-2024-2399 Premium Addons for Elementor <= 4.10.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.8AI score0.00408EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/15 12:0 a.m.5 views

WordPress Plugin Premium Addons PRO Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS6.1AI score0.00408EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/03/15 12:0 a.m.8 views

WordPress Premium Addons for Elementor Plugin <= 4.10.16 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.16 Fixed in 4.10.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29106 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 89d8d110c101 Credits Khalid Yusuf Required...

6.5CVSS6.7AI score0.00316EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.11 views

PT-2024-20222 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 4.10.23 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user-suppli...

6.4CVSS8AI score0.00408EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/03/14 12:0 a.m.14 views

WordPress Premium Addons for Elementor Plugin <= 4.10.23 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.23 Fixed in 4.10.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2399 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 5bd87070f423 Credits wesley wcraft...

6.4CVSS6AI score0.00408EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/03/13 4:15 p.m.27 views

CVE-2024-2238

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 4:15 p.m.35 views

CVE-2024-2239

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.6 views

CVE-2024-2239

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 4:15 p.m.21 views

CVE-2024-2237

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.3 views

CVE-2024-2237

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

5.4CVSS7.4AI score0.00423EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.6 views

CVE-2024-2238

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00423EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.9 views

CVE-2024-2000

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigationdots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS7.4AI score0.00423EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.8 views

CVE-2024-1997

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS7.4AI score0.00413EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 4:15 p.m.32 views

CVE-2024-1997

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.7AI score0.00413EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.6 views

CVE-2024-1996

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.4CVSS5.9AI score0.00399EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.5 views

CVE-2024-1680

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes ...

5.4CVSS7.4AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 4:15 p.m.22 views

CVE-2024-0326

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible fo...

6.4CVSS5.7AI score0.00613EPSS
Exploits0References5
Rows per page
Query Builder