119 matches found
CVE-2023-23823
CVE-2023-23823 refers to a missing authorization vulnerability in the WordPress plugin Enhanced Text Widget up to version 1.5.8 . The underlying issue is a failure in access control (broken authorization) that could allow unauthorized actions on the widget. The CVSS base score is 4.3 (Medium) , w...
CVE-2023-26520 WordPress Advanced Text Widget plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Max Chirkov Advanced Text Widget advanced-text-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a through = 2.1.2...
CVE-2023-26520 WordPress Advanced Text Widget plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a through 2.1.2...
PT-2024-13689 · Unknown · Clever Widgets Enhanced Text Widget
Name of the Vulnerable Software and Affected Versions: Clever Widgets Enhanced Text Widget versions 1.6.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Enhanced Text Widget, which allows exploiting incorrectly configured access control security...
WordPress plugin Enhanced Text Widget 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Advanced Text Widget 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Enhanced Text Widget 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-12001 · Unknown · Clever Widgets Enhanced Text Widget
Name of the Vulnerable Software and Affected Versions: Clever Widgets Enhanced Text Widget versions 1.5.8 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Enhanced Text Widget, which allows exploiting incorrectly configured access control security...
WordPress Essential Addons for Elementor plugin <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text Widget vulnerability discovered by Robert DeVore in WordPress Plugin Essential Addons for Elementor versions = 6.0.3...
CVE-2024-8440
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output...
WordPress plugin Essential Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-6495
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-6495 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Premium Addons for Elementor plugin <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Animated Text Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.36...
WordPress plugin Premium Addons for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exists in th...
PT-2024-37669 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.36 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Animated Text widget. This allo...
PT-2024-35403 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Motion Text and Table widgets. This allows...
CVE-2024-4376
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-30638 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.31 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Fancy Text widget due to insufficient input sanitization and output...
WordPress Enhanced Text Widget plugin <= 1.6.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Enhanced Text Widget versions = 1.6.4...