Lucene search
K

84 matches found

WPVulnDB
WPVulnDB
added 2024/06/06 12:0 a.m.12 views

Envo Extra < 1.8.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

Description The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/15 12:15 p.m.5 views

CVE-2024-4702

The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

5.4CVSS5.9AI score0.00334EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/15 11:33 a.m.12 views

CVE-2024-4702 Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS5.8AI score0.00334EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/15 1:54 a.m.4 views

WordPress Mega Elements plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by stealthcopter in WordPress Plugin Mega Elements versions = 1.2.1...

6.4CVSS5.8AI score0.00334EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.3 views

WordPress plugin Mega Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4CVSS6AI score0.00334EPSS
Exploits0References3
OSV
OSV
added 2024/05/02 5:15 p.m.5 views

CVE-2024-2750

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-21922 · WordPress · Exclusive Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9.3 Description: The issue arises from insufficient input sanitization and output escaping in the URL attribute of the Button widget, allowing authenticate...

6.4CVSS6.9AI score0.0032EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.4 views

WordPress plugin Exclusive Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS6.1AI score0.0032EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/23 2:50 a.m.3 views

WordPress Exclusive Addons for Elementor plugin <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by wesley wcraft in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.3...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/19 12:0 a.m.3 views

WordPress Plugin ElementsKit Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS5.7AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.5 views

PT-2024-26818 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue is related to Stored Cross-Site Scripting in the Creative Button widget due to insufficient input sanitization and output escaping on user-suppli...

6.4CVSS5.9AI score0.00323EPSS
Exploits0References5
OSV
OSV
added 2024/04/09 7:15 p.m.5 views

CVE-2024-2181

The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.00423EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.4 views

PT-2024-19068 · Wpzoom · Beaver Builder Addons

Name of the Vulnerable Software and Affected Versions: Beaver Builder Addons by WPZOOM plugin for WordPress versions up to, and including, 1.3.4 Description: The issue is related to Stored Cross-Site Scripting via the Button widget due to insufficient input sanitization and output escaping. This...

6.4CVSS7.9AI score0.00423EPSS
Exploits0References4
OSV
OSV
added 2024/04/02 7:16 a.m.1 views

CVE-2024-2925

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

5.4CVSS5.9AI score0.00408EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.5 views

WordPress Plugin Beaver Builder – WordPress Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS7.7AI score0.00408EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.4 views

PT-2024-22840 · WordPress · The Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin versions up to, and including, 2.8.0.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Button Widget due to insufficient input sanitization and output escapi...

6.4CVSS8AI score0.00408EPSS
Exploits0References6
OSV
OSV
added 2024/03/30 7:15 a.m.6 views

CVE-2024-2141

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00433EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/30 12:0 a.m.4 views

WordPress Plugin Ultimate Addons for Beaver Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS7.7AI score0.00433EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/30 12:0 a.m.6 views

PT-2024-18869 · WordPress · Ultimate Addons For Beaver Builder – Lite

Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Beaver Builder – Lite plugin for WordPress versions up to, and including, 1.5.7 Description: The issue is related to Stored Cross-Site Scripting via the Button widget due to insufficient input sanitization and output...

6.4CVSS8AI score0.00433EPSS
Exploits0References7
OSV
OSV
added 2024/03/23 2:15 a.m.3 views

CVE-2024-2131

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS6AI score0.00343EPSS
Exploits0References2
Rows per page
Query Builder