Lucene search
+L

386 matches found

Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.9 views

PT-2024-19375 · WordPress · Premium Addons Pro

Name of the Vulnerable Software and Affected Versions: Premium Addons PRO plugin for WordPress versions up to, and including, 2.9.12 Description: The issue is related to Stored Cross-Site Scripting via the Custom Mouse Cursor module due to insufficient input sanitization and output escaping. This...

6.4CVSS8.2AI score0.00423EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/03/07 12:0 a.m.15 views

Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module

Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/07 12:0 a.m.19 views

Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget

Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.8AI score0.00413EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/03/07 12:0 a.m.11 views

WordPress Premium Addons PRO Plugin <= 2.9.12 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons PRO Type Plugin Vulnerable versions = 2.9.12 Fixed in 2.9.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d43c6fdfdb0b Credits wesley wcraft...

6.4CVSS5.7AI score0.00399EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/02/29 1:43 a.m.26 views

CVE-2024-1242

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2024/02/29 1:43 a.m.5 views

CVE-2024-1242

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.00406EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.18 views

Premium Addons for Elementor < 4.10.22 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/02/29 12:0 a.m.15 views

WordPress Premium Addons for Elementor Plugin <= 4.10.21 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.21 Fixed in 4.10.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1680 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID dc52f582d20e Credits Webbernaut...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/02/22 12:0 a.m.16 views

WordPress Premium Addons for Elementor Plugin <= 4.10.18 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.18 Fixed in 4.10.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1242 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID 681ce22404a9 Credits Nikolas Requir...

6.4CVSS5.8AI score0.00406EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/20 6:56 p.m.15 views

CVE-2024-1242 Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7AI score0.00406EPSS
Exploits0References2
CVE
CVE
added 2024/02/20 6:56 p.m.80 views

CVE-2024-1242

The CVE-2024-1242 entry affects Premium Addons for Elementor (WordPress). Root cause: stored XSS via the button onclick attribute due to insufficient input sanitization and output escaping, exploitable by authenticated users with Contributor+ privileges. Affected versions: up to 4.10.18. Impact d...

6.4CVSS6.1AI score0.00406EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.4 views

PT-2024-17587 · WordPress · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.18 Description: The issue is related to Stored Cross-Site Scripting via the button onclick attribute due to insufficient input sanitization and output...

6.4CVSS7.8AI score0.00406EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2024/02/19 12:0 a.m.13 views

WordPress Premium Addons for Elementor Plugin < 4.10.17 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:leap13:premiumaddonsforelementor"; ifdescription...

6.5CVSS6AI score0.0032EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/15 12:0 a.m.18 views

Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize and escape its buttons' onclick attribute, making it possible for users with at least the contributor role to conduct Stored XSS attacks...

5.5CVSS5.7AI score0.00406EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/15 12:0 a.m.20 views

Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not prevent users with at least the contributor role from conducting Stored XSS attacks via the plugin's onClick Event functionality...

5.5CVSS5.7AI score0.00613EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/02/15 12:0 a.m.19 views

WordPress Premium Addons for Elementor Plugin <= 4.10.18 is vulnerable to Cross Site Scripting (XSS)

Software Premium Addons for Elementor Type Plugin Vulnerable versions = 4.10.18 Fixed in 4.10.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0326 Patch priority Low CVSS severity Low 6.5 Developer LeapWorx PSID f565cfa6cf4c Credits Webbernaut...

6.4CVSS5.8AI score0.00613EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/10 8:15 a.m.6 views

CVE-2024-24831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16...

5.4CVSS7.3AI score0.0032EPSS
Exploits0References1
NVD
NVD
added 2024/02/10 8:15 a.m.16 views

CVE-2024-24831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through = 4.10.16...

6.5CVSS6.5AI score0.0032EPSS
Exploits0References2
Prion
Prion
added 2024/02/10 8:15 a.m.22 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16...

4.9CVSS7.2AI score0.0032EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/10 7:40 a.m.23 views

CVE-2024-24831 WordPress Premium Addons for Elementor plugin <= 4.10.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through = 4.10.16...

6.5CVSS6.6AI score0.0032EPSS
Exploits0References1
Rows per page
Query Builder