5 matches found
EUVD-2026-29551
Insufficient ownership checks in clientarea.php allow an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's resources and their cPanel account...
CVE-2026-29204
Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...
CVE-2026-29204
Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...
CVE-2024-5329
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to blind SQL Injection via the ‘dataaddonID’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
PT-2024-35713 · WordPress · Unlimited Elements For Elementor
Name of the Vulnerable Software and Affected Versions: The Unlimited Elements For Elementor plugin for WordPress versions up to, and including, 1.5.109 Description: The issue is related to blind SQL Injection via the dataaddonID parameter due to insufficient escaping on the user-supplied paramete...