386 matches found
PT-2024-19375 · WordPress · Premium Addons Pro
Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12 Description: The issue is related to Stored Cross-Site Scripting via the Custom Mouse Cursor module due to insufficient input sanitization and output escaping. This...
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible...
WordPress Premium Addons PRO Plugin <= 2.9.12 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.12 Fixed in 2.9.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d43c6fdfdb0b Credits wesley wcraft...
CVE-2024-1242
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1242
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Premium Addons for Elementor < 4.10.22 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
WordPress Premium Addons for Elementor Plugin <= 4.10.21 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.21 Fixed in 4.10.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1680 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID dc52f582d20e Credits Webbernaut...
WordPress Premium Addons for Elementor Plugin <= 4.10.18 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.18 Fixed in 4.10.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1242 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 681ce22404a9 Credits Nikolas Requir...
CVE-2024-1242 Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1242
The CVE-2024-1242 entry affects Premium Addons for Elementor (WordPress). Root cause: stored XSS via the button onclick attribute due to insufficient input sanitization and output escaping, exploitable by authenticated users with Contributor+ privileges. Affected versions: up to 4.10.18. Impact d...
PT-2024-17587 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.18 Description: The issue is related to Stored Cross-Site Scripting via the button onclick attribute due to insufficient input sanitization and output...
WordPress Premium Addons for Elementor Plugin < 4.10.17 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:leap13:premiumaddonsforelementor"; ifdescription...
Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize and escape its buttons' onclick attribute, making it possible for users with at least the contributor role to conduct Stored XSS attacks...
Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not prevent users with at least the contributor role from conducting Stored XSS attacks via the plugin's onClick Event functionality...
WordPress Premium Addons for Elementor Plugin <= 4.10.18 is vulnerable to Cross Site Scripting (XSS)
Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.18 Fixed in 4.10.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0326 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID f565cfa6cf4c Credits Webbernaut...
CVE-2024-24831
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16...
CVE-2024-24831
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through = 4.10.16...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16...
CVE-2024-24831 WordPress Premium Addons for Elementor plugin <= 4.10.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through = 4.10.16...