15 matches found
CVE-2025-11220
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the widget. This makes it possible for...
CVE-2025-11220
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the widget. This makes it possible for...
CVE-2025-11220
CVE-2025-11220 affects the Elementor Website Builder (Text Path widget) and its SVG markup construction. Up to 3.33.3, it allows Stored Cross-Site Scripting via user input not properly neutralized, enabling authenticated attackers with contributor-level access and above to inject web scripts in p...
CVE-2025-11220 Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the widget. This makes it possible for...
CVE-2025-11220 Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the widget. This makes it possible for...
PT-2025-51472
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the widget. This makes it possible for...
EUVD-2025-31818
Malicious code in bioql PyPI...
CVE-2025-9075
The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...
CVE-2025-9075 ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...
CVE-2025-4566 Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget
The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficient input sanitization and output escaping. This...
CVE-2024-1256
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filtertext.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...
SUSE CVE-2018-5155
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.8, Thunderbird ESR 52.8, Firefox 60, and Firefox ESR 52.8...
DEBIAN-CVE-2018-5155
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.8, Thunderbird ESR 52.8, Firefox 60, and Firefox ESR 52.8...
Mozilla Firefox Memory Misreference Vulnerability (CNVD-2018-10245)
Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. Mozilla Firefox suffers from a memory misreference vulnerability when adjusting the layout during SVG animations using text paths. An attacker could exploit the vulnerability to cause a denial ...
UBUNTU-CVE-2018-5155
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.8, Thunderbird ESR 52.8, Firefox 60, and Firefox ESR 52.8...