Lucene search
K

63 matches found

Patchstack
Patchstack
added 2025/08/22 10:13 p.m.5 views

WordPress WS Theme Addons plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wsweather Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WS Theme Addons versions = 2.0.0...

6.4CVSS5.5AI score0.00222EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/08/14 2:53 p.m.7 views

WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Easy Elementor Addons versions = 2.2.7...

4.3CVSS6.7AI score0.00181EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/14 7:28 a.m.4 views

CVE-2025-8874

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output...

6.4CVSS6AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:11 a.m.10 views

CVE-2024-1464

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00427EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:25 a.m.7 views

CVE-2024-3638

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on us...

6.4CVSS6.1AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:2 a.m.5 views

CVE-2024-4896

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS6AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:52 a.m.9 views

CVE-2024-4865

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS5.8AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.3 views

CVE-2024-10365

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tpcarouselanything.php,...

4.3CVSS5.7AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:0 a.m.6 views

CVE-2024-6824

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...

4.3CVSS6.6AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:18 a.m.4 views

CVE-2024-9376

The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:4 a.m.9 views

CVE-2023-6632

The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 versions up to 2.9.1.1 in Happy Addons for Elementor Pro due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6.4AI score0.00544EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 6:15 a.m.30 views

CVE-2025-2225

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘raeltitletag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. Thi...

6.4CVSS0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/15 5:23 a.m.19 views

CVE-2025-2225 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag'

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘raeltitletag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. Thi...

6.4CVSS0.00252EPSS
Exploits0References4
CVE
CVE
added 2025/04/15 5:23 a.m.68 views

CVE-2025-2225

CVE-2025-2225 : The WordPress plugin “Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates” is affected by a Stored Cross‑Site Scripting flaw in the rael_title_tag parameter for versions up to and including 1.6.9. Exploitation requires authentication at Contribut...

6.4CVSS5.8AI score0.00252EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/03/26 1:15 p.m.13 views

CVE-2025-2228

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'registeruser' function. This makes it possible for authenticated attackers, with...

5.7CVSS0.00333EPSS
Exploits0References3
CVE
CVE
added 2025/03/26 12:41 p.m.67 views

CVE-2025-2228

CVE-2025-2228 affects the Responsive Addons for Elementor plugin (Free Elementor Addons and Elementor Templates) for WordPress, with the flaw in the register_user function present in versions up to 1.6.8. The vulnerability allows an attacker with Contributor-level access (authenticated) to exfilt...

5.7CVSS6.6AI score0.00333EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/03/04 9:15 a.m.9 views

CVE-2025-0433

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output...

6.4CVSS0.00262EPSS
Exploits0References5
OSV
OSV
added 2025/03/04 9:15 a.m.3 views

CVE-2025-0433

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output...

5.4CVSS5.9AI score0.00262EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/03/04 8:23 a.m.10 views

CVE-2025-0433 Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output...

6.4CVSS5.8AI score0.00262EPSS
Exploits0References5
NVD
NVD
added 2025/02/21 10:15 a.m.13 views

CVE-2024-13353

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access...

8.8CVSS0.00679EPSS
Exploits0References5
Rows per page
Query Builder