WordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin ElementsKit Pro versions = 3.6.0...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Local File Inclusion

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8da27be920b8 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

WordPress ElementsKit Pro plugin <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin ElementsKit Pro versions = 3.6.5...

WordPress ElementsKit Pro Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7063 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1543cd49def0 Credits Webbernaut Required...

WordPress ElementsKit Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.5 Fixed in 3.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7064 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ae540cd84ef6 Credits Webbernaut Required...

WordPress ElementsKit Pro Plugin <= 3.6.2 is vulnerable to Server Side Request Forgery (SSRF)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2024-4404 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID b90eaeebfb3f Credits Ngô Thiên An ancorn...

WordPress ElementsKit Pro Plugin <= 3.6.1 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.1 Fixed in 3.6.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4452 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4123c1a8007b Credits wesley wcraft Required...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3598 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cc1eab59b295 Credits Ngô Thiên An ancorn...

WordPress ElementsKit Pro Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.6.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-39993 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b8963eeda442 Credits Rafie Muhammad Patchsta...