4 matches found
CVE-2024-0977
creationtimestamp| type| source ---|---|--- 2024-02-07 09:31:21+00:00| seen| https://t.me/ctinow/180585...
CVE-2024-0977 Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Timeline Widget For Elementor Elementor Timeline, Vertical & Horizontal Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output...
CVE-2024-0977
The CVE-2024-0977 entry concerns Timeline Widget For Elementor (WordPress) up to version 1.5.3, which is vulnerable to stored XSS via image URLs due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (Contributor+). The issue is mitigated by upgradi...
WordPress Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Timeline Widget For Elementor Elementor Timeline, Vertical & Horizontal Timeline Type Plugin Vulnerable versions = 1.5.3 Fixed in 1.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0977 Patch priority Low CVSS severity Low 6.5 Developer...