97 matches found
CVE-2024-37479 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability
Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progresstype" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.3.8.1...
CVE-2024-5349
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
CVE-2024-5349
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
CVE-2024-5349 LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
WordPress LA-Studio Element Kit for Elementor Plugin <= 1.3.8.1 is vulnerable to Local File Inclusion
Software LA-Studio Element Kit for Elementor Type Plugin Vulnerable versions = 1.3.8.1 Fixed in 1.3.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-37479 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID ddb890f0e5f3 Credits João Pedro S Alcânta...
WordPress plugin LA-Studio Element Kit for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin LA-Studio Element Kit for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin LA-Studio Element Kit for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.3.6...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.3.7.6...
WordPress plugin LA-Studio Element Kit for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-2249
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. Th...
CVE-2024-2249
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. Th...
PT-2024-19446 · WordPress · La-Studio Element Kit For Elementor
Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to, and including, 1.3.7.4 Description: The issue is related to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets. This is due to insufficie...
WordPress Plugin LA-Studio Element Kit for Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress LA-Studio Element Kit for Elementor Plugin <= 1.1.5 is vulnerable to Broken Access Control
Software LA-Studio Element Kit for Elementor Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50884 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0dcf79343479 Credits thiennv...