84 matches found
Envo Extra < 1.8.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
Description The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-4702
The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2024-4702 Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
WordPress Mega Elements plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by stealthcopter in WordPress Plugin Mega Elements versions = 1.2.1...
WordPress plugin Mega Elements 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-2750
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2024-21922 · WordPress · Exclusive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9.3 Description: The issue arises from insufficient input sanitization and output escaping in the URL attribute of the Button widget, allowing authenticate...
WordPress plugin Exclusive Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Exclusive Addons for Elementor plugin <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by wesley wcraft in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.3...
WordPress Plugin ElementsKit Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-26818 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue is related to Stored Cross-Site Scripting in the Creative Button widget due to insufficient input sanitization and output escaping on user-suppli...
CVE-2024-2181
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-19068 · Wpzoom · Beaver Builder Addons
Name of the Vulnerable Software and Affected Versions: Beaver Builder Addons by WPZOOM plugin for WordPress versions up to, and including, 1.3.4 Description: The issue is related to Stored Cross-Site Scripting via the Button widget due to insufficient input sanitization and output escaping. This...
CVE-2024-2925
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress Plugin Beaver Builder – WordPress Page Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-22840 · WordPress · The Beaver Builder
Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin versions up to, and including, 2.8.0.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Button Widget due to insufficient input sanitization and output escapi...
CVE-2024-2141
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Plugin Ultimate Addons for Beaver Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-18869 · WordPress · Ultimate Addons For Beaver Builder – Lite
Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Beaver Builder – Lite plugin for WordPress versions up to, and including, 1.5.7 Description: The issue is related to Stored Cross-Site Scripting via the Button widget due to insufficient input sanitization and output...
CVE-2024-2131
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...