106 matches found
PT-2024-32874 · WordPress · Cost Calculator Builder
Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder Pro plugin for WordPress versions up to 3.1.72 Description: The issue allows authenticated attackers with subscriber-level access and above to make web requests to arbitrary locations originating from the web...
Cost Calculator Builder Pro < 3.1.73 - Authenticated (Subscriber+) Server-Side Request Forgery
Description Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the senddemowebhook function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary...
CVE-2024-4107 Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Plugin Cost Calculator Builder Pro 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Cost Calculator Builder Pro Plugin <= 3.1.67 is vulnerable to Cross Site Scripting (XSS)
Software Cost Calculator Builder Pro Type Plugin Vulnerable versions = 3.1.67 Fixed in 3.1.68 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4097 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 99ec603c6f20 Credits andrea...
CVE-2024-1364
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's customid in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-2121 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2024-2781 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videohtmltag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Plugin Elementor Website Builder Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Plugin Elementor Website Builder Pro 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-22140
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
CVE-2024-22140
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
CVE-2024-22140 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
CVE-2024-22140 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
CVE-2024-22140
CVE-2024-22140 is a Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro, affecting versions up to 3.10.0. Patch 3.10.1 fixes the issue. Public data from NVD/Red Hat indicate high impact (CVSS 3.1 base score 8.8). Patchstack documents unauthenticated exploitation lead...
CVE-2024-22141
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
CVE-2024-22141
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
Design/Logic Flaw
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...
CVE-2024-22141 WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Sensitive Data Exposure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0...