Lucene search
+L

106 matches found

Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.3 views

PT-2024-32874 · WordPress · Cost Calculator Builder

Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder Pro plugin for WordPress versions up to 3.1.72 Description: The issue allows authenticated attackers with subscriber-level access and above to make web requests to arbitrary locations originating from the web...

6.4CVSS6.5AI score0.00276EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.10 views

Cost Calculator Builder Pro < 3.1.73 - Authenticated (Subscriber+) Server-Side Request Forgery

Description Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the senddemowebhook function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary...

6.4CVSS6.5AI score0.00276EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/09 8:3 p.m.91 views

CVE-2024-4107 Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00419EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.4 views

WordPress Plugin Cost Calculator Builder Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.2CVSS5.7AI score0.00576EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/30 12:0 a.m.12 views

WordPress Cost Calculator Builder Pro Plugin <= 3.1.67 is vulnerable to Cross Site Scripting (XSS)

Software Cost Calculator Builder Pro Type Plugin Vulnerable versions = 3.1.67 Fixed in 3.1.68 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4097 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 99ec603c6f20 Credits andrea...

7.2CVSS5.8AI score0.00576EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/03/27 7:15 a.m.13 views

CVE-2024-1364

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's customid in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/27 6:40 a.m.12 views

CVE-2024-2121 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

5.4CVSS7.4AI score0.0034EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/27 6:40 a.m.15 views

CVE-2024-2781 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videohtmltag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.00323EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.3 views

WordPress Plugin Elementor Website Builder Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.4CVSS7.3AI score0.0034EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.6 views

WordPress Plugin Elementor Website Builder Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS7.4AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 2024/01/31 2:15 p.m.22 views

CVE-2024-22140

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

8.8CVSS8.8AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2024/01/31 2:15 p.m.4 views

CVE-2024-22140

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

8.8CVSS5.8AI score0.00263EPSS
Exploits0References1
Prion
Prion
added 2024/01/31 2:15 p.m.22 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

6.8CVSS7.2AI score0.00263EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/31 1:46 p.m.27 views

CVE-2024-22140 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

8.8CVSS8.9AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/31 1:46 p.m.11 views

CVE-2024-22140 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

8.8CVSS7AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2024/01/31 1:46 p.m.60 views

CVE-2024-22140

CVE-2024-22140 is a Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro, affecting versions up to 3.10.0. Patch 3.10.1 fixes the issue. Public data from NVD/Red Hat indicate high impact (CVSS 3.1 base score 8.8). Patchstack documents unauthenticated exploitation lead...

8.8CVSS8.5AI score0.00263EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/01/24 3:15 p.m.26 views

CVE-2024-22141

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

7.5CVSS6.7AI score0.00492EPSS
Exploits0References1
OSV
OSV
added 2024/01/24 3:15 p.m.6 views

CVE-2024-22141

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

7.5CVSS5.8AI score0.00492EPSS
Exploits0References1
Prion
Prion
added 2024/01/24 3:15 p.m.23 views

Design/Logic Flaw

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

5CVSS7.1AI score0.00492EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/24 2:50 p.m.33 views

CVE-2024-22141 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...

6.5CVSS7.7AI score0.00492EPSS
Exploits0References1
Rows per page
Query Builder