16 matches found

Patchstack
added 2026/02/02 8:30 p.m. · 3 views

WordPress EmbedPress plugin <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via PDF Widget URL vulnerability discovered by RandomRoot in WordPress Plugin EmbedPress versions <= 3.9.10...

CVSS 6.4 · AI score 5.2 · EPSS 0.00297
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/05/23 9:3 a.m. · 1 view

CVE-2024-5177

The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within multiple widgets in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 5.1 · EPSS 0.0036
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:23 a.m. · 1 view

CVE-2024-1565

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitizatio...

CVSS 6.4 · AI score 4.9 · EPSS 0.00297
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 8:37 p.m. · 0 views

CVE-2021-35440

Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...

CVSS 6.1 · AI score 6.5 · EPSS 0.00328
Exploits: 0 · References: 1

OSV
added 2024/11/26 2:15 p.m. · 1 view

CVE-2024-8236

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possibl...

CVSS 5.4 · AI score 7.4
Exploits: 0 · References: 3

Positive Technologies
added 2024/09/11 12:0 a.m. · 1 view

PT-2024-36077 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: The Elementor Website Builder – More than Just a Page Builder plugin for WordPress versions up to, and including, 3.23.4
Description: The issue is related to Stored Cross-Site Scripting via the url parameter of multiple widgets due to...

CVSS 5.4 · AI score 5.7 · EPSS 0.00468
Exploits: 0 · References: 14

Cvelist
added 2024/06/13 8:31 a.m. · 17 views

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitizatio...

CVSS 6.4 · EPSS 0.00297
Exploits: 0 · References: 3

Vulnrichment
added 2024/06/13 8:31 a.m. · 18 views

CVE-2024-1565 EmbedPress <= 3.9.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitizatio...

CVSS 6.4 · AI score 5.8 · EPSS 0.00297
Exploits: 0 · References: 3

OSV
added 2024/04/17 12:15 p.m. · 2 views

CVE-2024-3333

The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 5.9 · EPSS 0.00318
Exploits: 0 · References: 2

Patchstack
added 2024/04/17 3:33 a.m. · 1 view

WordPress Essential Addons for Elementor plugin <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute vulnerability

Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Essential Addons for Elementor versions <= 5.9.14...

CVSS 6.4 · AI score 6.4 · EPSS 0.00318
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/04/09 7:15 p.m. · 0 views

CVE-2024-3266

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00183
Exploits: 0 · References: 2

OSV
added 2024/04/09 7:15 p.m. · 0 views

CVE-2024-2507

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00196
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/09 12:0 a.m. · 1 view

PT-2024-20723 · WordPress · Jetwidgets For Elementor

Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor plugin for WordPress versions up to, and including, 1.0.16
Description: The issue is related to Stored Cross-Site Scripting via the widget button URL due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 8 · EPSS 0.00196
Exploits: 0 · References: 5

Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-24750 · WordPress · Bold Page Builder

Name of the Vulnerable Software and Affected Versions: Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the URL attribute of widgets. This...

CVSS 6.4 · AI score 8.9 · EPSS 0.00183
Exploits: 0 · References: 4

OSV
added 2024/02/05 10:16 p.m. · 1 view

CVE-2024-0448

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

CVSS 5.4 · AI score 6 · EPSS 0.00254
Exploits: 0 · References: 4

NVD
added 2021/07/06 3:15 p.m. · 8 views

CVE-2021-35440

Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...

CVSS 6.1 · EPSS 0.00328
Exploits: 0 · References: 3