17 matches found
EUVD-2024-31899
Malicious code in bioql PyPI...
CVE-2025-8146
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-27287 · WordPress · Qi Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.9.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers wi...
CVE-2024-9530
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the...
CVE-2024-3309
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4364
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2023-47679
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through 1.6.3...
CVE-2024-13699 Qi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2024-13699
CVE-2024-13699 affects the Qi Addons For Elementor WordPress plugin. It is a Stored Cross-Site Scripting vulnerability via the cursor parameter in all versions up to 1.8.7, enabling an authenticated attacker (Contributor level or higher) to inject scripts that execute when a user loads a page. Ro...
CVE-2024-9530 Qi Addons For Elementor <= 1.8.0 - Sensitive Information Exposure
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the...
PT-2024-39680 · WordPress · Qi Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.8.0 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the contents of private...
CVE-2024-4887
The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qiaddonsforelementorbloglist shortcode. This makes it possible for authenticated attackers, with Contributor-level access...
EUVD-2024-44457
The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qiaddonsforelementorbloglist shortcode. This makes it possible for authenticated attackers, with Contributor-level access...
PT-2024-33251 · WordPress · Qi Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.7.2 Description: The issue allows authenticated attackers with Contributor-level access and above to include remote files on the server, resulting in code execution...
PT-2024-30607 · WordPress · Qi Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.7.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's button widgets due to insufficient input sanitization and output escaping on...
CVE-2023-47679 WordPress Qi Addons For Elementor plugin <= 1.6.3 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through 1.6.3...
CVE-2024-0826 Qi Addons For Elementor <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...