Lucene search
K

119 matches found

Patchstack
Patchstack
added 2024/04/26 12:0 a.m.11 views

WordPress Enhanced Text Widget Plugin <= 1.6.4 is vulnerable to Broken Access Control

Software Enhanced Text Widget Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4175d537e956 Credits Dhabaleshwar Das Require...

6.2AI score0.00208EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/04/25 8:15 a.m.4 views

CVE-2024-3988

The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to...

5.4CVSS5.9AI score0.0043EPSS
Exploits0References3
CVE
CVE
added 2024/04/25 7:33 a.m.101 views

CVE-2024-3988

The Sina Extension for Elementor (WordPress plugin) is vulnerable under CVE-2024-3988 to Stored Cross-Site Scripting via the Sina Fancy Text Widget in versions up to 3.5.2. Exploitation requires authenticated access at contributor level+, and scripts can execute when users load injected pages. Th...

6.4CVSS5.7AI score0.0043EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/25 2:20 a.m.4 views

WordPress Sina Extension for Elementor plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Sina Fancy Text Widget vulnerability discovered by wesley wcraft in WordPress Plugin Sina Extension for Elementor versions = 3.5.2...

6.4CVSS5.8AI score0.0043EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.5 views

PT-2024-22187 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.96 Description: The issue is related to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags due to insufficient input...

6.4CVSS5.9AI score0.00434EPSS
Exploits0References7
NVD
NVD
added 2024/04/09 7:15 p.m.21 views

CVE-2024-1458

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textalignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.7AI score0.00427EPSS
Exploits0References2
OSV
OSV
added 2024/04/09 7:15 p.m.6 views

CVE-2024-1458

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textalignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.00427EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.7 views

PT-2024-18062 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the text alignment attribute...

6.4CVSS8AI score0.00427EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/04/07 5:37 p.m.14 views

CVE-2024-31346 WordPress Gradient Text Widget for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1...

6.5CVSS8.6AI score0.0032EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/07 12:0 a.m.3 views

WordPress Plugin Gradient Text Widget for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Gradient Text...

6.5CVSS7.9AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/07 12:0 a.m.4 views

PT-2024-23989 · Elementor · Gradient Text Widget For Elementor

Name of the Vulnerable Software and Affected Versions: Gradient Text Widget for Elementor versions 1.0.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability. This allows for Stored XS...

6.5CVSS8.4AI score0.0032EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/05 11:17 a.m.4 views

WordPress Gradient Text Widget for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Gradient Text Widget for Elementor versions = 1.0.1...

6.5CVSS6.1AI score0.0032EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/03/11 6:15 p.m.4 views

CVE-2024-0559

The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

6.5CVSS7.3AI score0.00497EPSS
Exploits2References2
CVE
CVE
added 2024/03/11 5:56 p.m.93 views

CVE-2024-0559

The CVE-2024-0559 entry concerns the Enhanced Text Widget WordPress plugin (pre-1.6.6). The issue is that certain Widget options are not properly validated or escaped before being echoed in attributes, allowing Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is...

6.5CVSS7.7AI score0.00497EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.8 views

PT-2024-15658 · WordPress · Enhanced Text Widget

Name of the Vulnerable Software and Affected Versions: Enhanced Text Widget WordPress plugin versions prior to 1.6.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

6.5CVSS8.1AI score0.00497EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/03/11 12:0 a.m.4 views

WordPress Plugin Enhanced Text Widget Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.5CVSS5.7AI score0.00497EPSS
Exploits2References3
Patchstack
Patchstack
added 2024/02/22 12:0 a.m.14 views

WordPress Enhanced Text Widget Plugin < 1.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Enhanced Text Widget Type Plugin Vulnerable versions 1.6.6 Fixed in 1.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0559 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b7618d5a60 Credits Dmitrii Ignatyev...

5.7AI score0.00497EPSS
Exploits2References4Affected Software1
wpexploit
wpexploit
added 2024/02/13 12:0 a.m.137 views

Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.7AI score0.00497EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.11 views

Enhanced Text Widget <= 1.6.2 - Missing Authorization via etw_hide_admin_notification_callback

Description The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the etwhideadminnotificationcallback function in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to hide adm...

6.4AI score0.00457EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/12/01 12:0 a.m.12 views

WordPress Enhanced Text Widget Plugin <= 1.6.3 is vulnerable to Broken Access Control

Software Enhanced Text Widget Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49192 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 8e44319396d6 Credits Abdi Pranata...

6.5AI score0.00457EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder