40 matches found
CVE-2023-34370 Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins
Server-Side Request Forgery SSRF vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premiu...
CVE-2024-1500
CVE-2024-1500 concerns the Royal Elementor Addons and Templates plugin for WordPress. It describes Stored Cross-Site Scripting via the Logo Widget in all versions up to 1.3.91, caused by insufficient input sanitization and output escaping on user-supplied URLs. The vulnerability allows authentica...
CVE-2024-0516
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wprupdateformactionmeta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update...
CVE-2024-0512
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the addtowishlist function. This makes it possible for unauthenticated attackers to add...
CVE-2024-0515 Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_compare
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the removefromcompare function. This makes it possible for unauthenticated attackers to...
CVE-2024-0511 Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via wpr_update_form_action_meta
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wprupdateformactionmeta function. This makes it possible for unauthenticated attacker...
CVE-2023-5922
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action and REST endpoint, currently disabled in the plugin have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protect...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in ioannup Edit WooCommerce Templates plugin = 1.1.1 versions...
CVE-2022-47181 WordPress Email Templates plugin <= 1.4.2 - Cross Site Request Forgery (CSRF)
A vulnerability in Saad Iqbal Email Templates email-templates.This issue affects Email Templates: from n/a through = 1.4.2...
CVE-2022-47181 WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2...
WordPress Plugin Royal Elementor Addons and Templates Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
CVE-2022-47175
Cross-Site Request Forgery CSRF vulnerability in P Royal Royal Elementor Addons and Templates plugin = 1.3.75 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in P Royal Royal Elementor Addons and Templates plugin = 1.3.75 versions...
CVE-2019-25150
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators...
CVE-2019-25150 Email Templates <= 1.3 - HTML Injection
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators...
CVE-2022-46851
Cross-Site Request Forgery CSRF vulnerability in Brainstorm Force Starter Templates plugin = 3.1.20 versions...
CVE-2022-46851
CVE-2022-46851 is a CSRF vulnerability in the Brainstorm Force Starter Templates plugin for WordPress, affecting versions
CVE-2023-25490
CVE-2023-25490 concerns the WordPress plugin Archivist – Custom Archive Templates (versions
Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin
On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder...
WordPress Rife Elementor Extensions & Templates 跨站脚本漏洞
WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Rife Elementor Extensions&Templates Plugin versions prior to 1.1.6. An attacker can exploit this vulnerability to launch a cross-site scripting attack...