154 matches found
CVE-2024-10669
The Countdown Timer block – Display the events date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...
CVE-2024-10669 Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure
The Countdown Timer block – Display the events date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...
CVE-2024-10669
CVE-2024-10669 affects the WordPress plugin “Countdown Timer block – Display the event’s date into a timer.” The issue is Information Exposure via the [ctb] shortcode in all versions up to and including 1.2.4, allowing authenticated users with Contributor-level access or higher to retrieve data f...
CVE-2024-10669 Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure
The Countdown Timer block – Display the events date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...
WordPress plugin Countdown Timer block 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Countdown Timer plugin <= 1.2.4 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Countdown Timer versions = 1.2.4...
PT-2024-16445 · WordPress · Countdown Timer Block Plugin
Name of the Vulnerable Software and Affected Versions: Countdown Timer block plugin for WordPress versions up to, and including, 1.2.4 Description: The Countdown Timer block plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts can be included via...
WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure
Software Countdown Timer Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10669 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97d2e3a5c021 Credits Francesco Carlucci Required privilege...
CVE-2024-4209
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...
WordPress plugin Gutenberg Blocks with AI by Kadence WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-4209 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...
PT-2024-29744 · Kadence Wp · Gutenberg Blocks With Ai By Kadence Wp
Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.2.36 Description: The issue is related to Stored Cross-Site Scripting via the countdown timer due to insufficient input...
PT-2024-17933 · Grafana · Grafana
Name of the Vulnerable Software and Affected Versions: Countdown Timer for Elementor WordPress plugin versions prior to 1.3.7 Description: The issue concerns the Countdown Timer for Elementor WordPress plugin, where versions prior to 1.3.7 do not properly sanitise and escape some parameters when...
CVE-2024-1413
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1413
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1413 Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1413
CVE-2024-1413 affects Exclusive Addons for Elementor (WordPress). Vulnerable in Countdown Timer widget through Stored XSS in all versions up to 2.6.9 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (contributor+) and can cause script executio...
WordPress Plugin Exclusive Addons for Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-18023 · WordPress · Exclusive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9 Description: The issue is related to Stored Cross-Site Scripting via the Countdown Timer widget due to insufficient input sanitization and output escapin...
Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...