86 matches found
WordPress WidgetKit Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: WidgetKit | Type: Plugin | Vulnerable versions: <= 2.4.8 | Fixed in: 2.5.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-34548 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: d04ccca624d0 | Credits: Ray Wilson | Required privilege: Contributor...
WidgetKit <= 2.5.0 - Missing Authorization to Notice Dismissal
Description The WidgetKit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wktdadsdismissnotice function in versions up to, and including, 2.4.8. This makes it possible for unauthenticated attackers to dismiss notices...
CVE-2024-33908
Missing Authorization vulnerability in Themesgrove WidgetKit. This issue affects WidgetKit: from n/a through 2.5.0...
CVE-2024-33908 WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themesgrove WidgetKit. This issue affects WidgetKit: from n/a through 2.5.0...
CVE-2024-33908 WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themesgrove WidgetKit. This issue affects WidgetKit: from n/a through 2.5.0...
CVE-2024-33908
CVE-2024-33908: The ThemeGrove WidgetKit (All-in-One Addons for Elementor WidgetKit) has a Missing Authorization vulnerability affecting WidgetKit versions up to 2.5.0. Connected documents identify this as a Missing Authorization to Notice Dismissal issue. The Wordfence entry notes the patch sta...
WordPress plugin WidgetKit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-25542 · Themesgrove · Widgetkit
Name of the Vulnerable Software and Affected Versions: WidgetKit versions 2.5.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in Themesgrove WidgetKit. Recommendations: For versions 2.5.0 and earlier, update to a version later than 2.5.0 to resolve the...
WordPress WidgetKit plugin <= 2.5.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin WidgetKit (versions <= 2.5.4)...
WordPress WidgetKit Plugin <= 2.5.1 is vulnerable to Broken Access Control
Software: WidgetKit | Type: Plugin | Vulnerable versions: <= 2.5.1 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-33908 | Patch priority: Low | CVSS severity: Low (5.3) | PSID: 38f3250eb362 | Credits: Dhabaleshwar Das | Required privilege...
WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets vulnerability discovered by Francesco Carlucci in WordPress Plugin WidgetKit (versions <= 2.5.1)...
WordPress WidgetKit Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: WidgetKit | Type: Plugin | Vulnerable versions: <= 2.4.8 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2137 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: f4ddb69d01d1 | Credits: Francesco Carlucci | Required...
CVE-2024-2137
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. Thi...
CVE-2024-2137 All-in-One Addons for Elementor – WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. Thi...
CVE-2024-2137
CVE-2024-2137 affects All-in-One Addons for Elementor – WidgetKit (WordPress) up to version 2.4.8. Reported vulnerability: Stored Cross-Site Scripting via multiple pricing widgets due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (Contributor+)...
WordPress Plugin WidgetKit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
All-in-One Addons for Elementor – WidgetKit <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets
Description: The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output...
CVE-2022-4256 All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS
The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Go to WidgetKit - API Keys, put the following...
All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Go to WidgetKit - API Keys, put the following...