86 matches found
EUVD-2024-36657
Malicious code in bioql PyPI...
EUVD-2024-34851
Malicious code in bioql PyPI...
EUVD-2024-34490
Malicious code in bioql PyPI...
CVE-2025-2330
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2025-2330
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2025-2330 All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2025-2330
CVE-2025-2330 involves the WordPress plugin All-in-One Addons for Elementor – WidgetKit. It presents a Stored Cross-Site Scripting (XSS) in the widget called “button+modal,” due to insufficient input sanitization and output escaping of user-supplied attributes. Affected products: All-in-One Addon...
WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin WidgetKit Pro versions = 1.13.1...
CVE-2025-49074
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abu Huraira Bin Aman WidgetKit widgetkit-for-elementor allows Stored XSS.This issue affects WidgetKit: from n/a through = 2.5.4...
CVE-2025-49074
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abu Huraira Bin Aman WidgetKit widgetkit-for-elementor allows Stored XSS.This issue affects WidgetKit: from n/a through = 2.5.4...
CVE-2025-49074 WordPress WidgetKit plugin <= 2.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abu Huraira Bin Aman WidgetKit widgetkit-for-elementor allows Stored XSS.This issue affects WidgetKit: from n/a through = 2.5.4...
CVE-2025-49074 WordPress WidgetKit plugin <= 2.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abu Huraira Bin Aman WidgetKit widgetkit-for-elementor allows Stored XSS.This issue affects WidgetKit: from n/a through = 2.5.4...
CVE-2025-49074
CVE-2025-49074 corresponds to a Stored XSS in the WordPress WidgetKit plugin (WidgetKit
WordPress plugin WidgetKit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2025-24092 · Widgetkit · Widgetkit
Name of the Vulnerable Software and Affected Versions: WidgetKit versions through 2.5.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scrip...
WordPress WidgetKit plugin <= 2.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WidgetKit versions = 2.5.4...
CVE-2024-34548
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.4.8...
CVE-2024-33908
Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0...
CVE-2024-37428
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.0...
CVE-2024-10321
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 in elements/advanced-tab/template/view.php. This makes it possible for authenticated attackers, with Contributor-level access and above,...