EUVD-2024-17165

Malicious code in bioql PyPI...

CVE-2024-24930

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16...

CVE-2024-1411

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

Cross site scripting

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-1411

CVE-2024-1411 affects PowerPack Addons for Elementor (WordPress). The vulnerability is a Stored Cross‑Site Scripting (XSS) in the Twitter Buttons Widget, exploitable via its settings. Affected versions are up to and including 2.7.15. Exploitation requires at least contributor‑level access by an a...

CVE-2024-1411 PowerPack Addons for Elementor <= 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PowerPack Addons for Elementor < 2.7.16 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize its Twitter Buttons Widget setting, allowing users with at least the contributor role to conduct Stored XSS attacks...