119 matches found
WordPress Enhanced Text Widget Plugin <= 1.6.4 is vulnerable to Broken Access Control
Software Enhanced Text Widget Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4175d537e956 Credits Dhabaleshwar Das Require...
CVE-2024-3988
The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to...
CVE-2024-3988
The Sina Extension for Elementor (WordPress plugin) is vulnerable under CVE-2024-3988 to Stored Cross-Site Scripting via the Sina Fancy Text Widget in versions up to 3.5.2. Exploitation requires authenticated access at contributor level+, and scripts can execute when users load injected pages. Th...
WordPress Sina Extension for Elementor plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Sina Fancy Text Widget vulnerability discovered by wesley wcraft in WordPress Plugin Sina Extension for Elementor versions = 3.5.2...
PT-2024-22187 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.96 Description: The issue is related to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags due to insufficient input...
CVE-2024-1458
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textalignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-1458
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textalignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2024-18062 · Livemesh · Elementor Addons
Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the text alignment attribute...
CVE-2024-31346 WordPress Gradient Text Widget for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1...
WordPress Plugin Gradient Text Widget for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Gradient Text...
PT-2024-23989 · Elementor · Gradient Text Widget For Elementor
Name of the Vulnerable Software and Affected Versions: Gradient Text Widget for Elementor versions 1.0.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. This allows for Stored XS...
WordPress Gradient Text Widget for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Gradient Text Widget for Elementor versions = 1.0.1...
CVE-2024-0559
The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...
CVE-2024-0559
The CVE-2024-0559 entry concerns the Enhanced Text Widget WordPress plugin (pre-1.6.6). The issue is that certain Widget options are not properly validated or escaped before being echoed in attributes, allowing Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is...
PT-2024-15658 · WordPress · Enhanced Text Widget
Name of the Vulnerable Software and Affected Versions: Enhanced Text Widget WordPress plugin versions prior to 1.6.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...
WordPress Plugin Enhanced Text Widget Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Enhanced Text Widget Plugin < 1.6.6 is vulnerable to Cross Site Scripting (XSS)
Software Enhanced Text Widget Type Plugin Vulnerable versions 1.6.6 Fixed in 1.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0559 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b7618d5a60 Credits Dmitrii Ignatyev...
Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
Enhanced Text Widget <= 1.6.2 - Missing Authorization via etw_hide_admin_notification_callback
Description The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the etwhideadminnotificationcallback function in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to hide adm...
WordPress Enhanced Text Widget Plugin <= 1.6.3 is vulnerable to Broken Access Control
Software Enhanced Text Widget Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49192 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 8e44319396d6 Credits Abdi Pranata...