CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

Patchstack•added 2024/10/15 9:57 a.m.•4 views

WordPress UltraAddons – Elementor Addons plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael in WordPress Plugin UltraAddons Elementor Lite versions = 2.0.2...

6.5CVSS6.1AI score0.00285EPSS

Exploits0Affected Software1

Patchstack•added 2024/10/15 12:0 a.m.•12 views

WordPress UltraAddons Elementor Lite Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)

Software UltraAddons Elementor Lite Type Plugin Vulnerable versions = 1.1.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49277 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3bd9de105fd9 Credits Michael Required privilege...

6.5CVSS6.8AI score0.00285EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/10 6:16 a.m.•2 views

WordPress UltraAddons Elementor Lite plugin <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by stealthcopter in WordPress Plugin UltraAddons Elementor Lite versions = 1.1.6...

6.4CVSS5.8AI score0.0048EPSS

Exploits0References1Affected Software1

OSV•added 2024/07/10 2:15 a.m.•2 views

CVE-2024-4866

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input...

5.4CVSS6AI score0.0048EPSS

Exploits0References6

Vulnrichment•added 2024/07/10 2:2 a.m.•12 views

CVE-2024-4866 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

6.4CVSS6.1AI score0.0048EPSS

Exploits0References7

CVE•added 2024/07/10 2:2 a.m.•41 views

CVE-2024-4866

CVE-2024-4866 affects the UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode) for WordPress. According to Red Hat and Wordfence data, all versions up to 1.1.6 are vulnerable to a Stored Cross-Site Scripting condit...

6.4CVSS6.1AI score0.0048EPSS

Exploits0References7Affected Software1

Patchstack•added 2024/07/10 12:0 a.m.•13 views

WordPress UltraAddons Elementor Lite Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software UltraAddons Elementor Lite Type Plugin Vulnerable versions = 1.1.6 Fixed in 1.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4866 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6acf063eea46 Credits stealthcopter...

6.4CVSS5.8AI score0.0048EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2024/07/10 12:0 a.m.•2 views

PT-2024-33179 · WordPress · Ultraaddons

Name of the Vulnerable Software and Affected Versions: UltraAddons – Elementor Addons plugin for WordPress versions up to, and including, 1.1.6 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.0048EPSS

Exploits0References11

CNNVD•added 2024/07/10 12:0 a.m.•2 views

WordPress plugin UltraAddons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.7AI score0.0048EPSS

Exploits0References7

NVD•added 2024/07/06 5:15 p.m.•18 views

CVE-2024-37554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saiful Islam UltraAddons Elementor Lite ultraaddons-elementor-lite allows DOM-Based XSS.This issue affects UltraAddons Elementor Lite: from n/a through = 2.0.2...

6.5CVSS0.00185EPSS

Exploits0References2

OSV•added 2024/07/06 5:15 p.m.•3 views

CVE-2024-37554

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodeAstrology Team UltraAddons Elementor Lite Header & Footer Builder, Menu Builder, Cart Icon, Shortcode.This issue affects UltraAddons Elementor Lite Header & Footer Builder, Menu Builder,...

5.4CVSS5.8AI score0.00185EPSS

Exploits0References1

Cvelist•added 2024/07/06 4:12 p.m.•23 views

CVE-2024-37554 WordPress UltraAddons plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00185EPSS

Exploits0References1

CVE•added 2024/07/06 4:12 p.m.•50 views

CVE-2024-37554

The CVE-2024-37554 entry concerns the WordPress plugin UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode) with versions up to 1.1.6. The underlying issue is Improper Neutralization of Input During Web Page Generation, i.e., Cross-Site Scripting (XSS). Affecte...

6.5CVSS5.9AI score0.00185EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/07/06 4:10 p.m.•3 views

WordPress UltraAddons plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin UltraAddons Elementor Lite versions = 2.0.2...

6.5CVSS6.1AI score0.00185EPSS

Exploits0Affected Software1

CNNVD•added 2024/07/06 12:0 a.m.•4 views

WordPress plugin UltraAddons Elementor Lite Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS6.2AI score0.00185EPSS

Exploits0References2

Positive Technologies•added 2024/07/06 12:0 a.m.•4 views

PT-2024-27652 · Ultraaddons · Ultraaddons Elementor Lite

Name of the Vulnerable Software and Affected Versions: UltraAddons Elementor Lite versions through 1.1.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for potential exploitation. No information...

6.5CVSS6.6AI score0.00185EPSS

Exploits0References8

Patchstack•added 2024/07/06 12:0 a.m.•11 views

WordPress UltraAddons Elementor Lite Plugin <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)

Software UltraAddons Elementor Lite Type Plugin Vulnerable versions = 1.1.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37554 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 027a0305e057 Credits Khalid Yusuf Required privile...

6.5CVSS6.6AI score0.00185EPSS

Exploits0References1Affected Software1

Patchstack•added 2023/07/19 12:0 a.m.•3 views

WordPress UltraAddons Elementor Lite Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software UltraAddons Elementor Lite Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID d3b08d811ef1 Credits Rafie Muhammad Patchstack...

6.1AI score

Exploits0References2Affected Software1

Patchstack•added 2022/02/28 12:0 a.m.•9 views

WordPress UltraAddons Elementor Lite plugin <= 1.1.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress UltraAddons Elementor Lite plugin versions = 1.1.0. Solution Update the WordPress UltraAddons Elementor Lite plugin to the latest available version at least 1.1.1...

2.2AI score

Exploits0References2Affected Software1

Patchstack•added 2022/02/28 12:0 a.m.•13 views

WordPress UltraAddons Elementor Lite plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress UltraAddons Elementor Lite plugin versions = 1.1.0. Solution Update the WordPress UltraAddons Elementor Lite plugin to the latest available version at least 1.1.1...

3.9AI score

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by