Lucene search
+L

5 matches found

NVD
NVD
added 2025/04/18 10:15 a.m.16 views

CVE-2025-3106

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00364EPSS
Exploits0References4
Circl
Circl
added 2025/04/18 9:58 a.m.12 views

CVE-2025-3106

creationtimestamp| type| source ---|---|--- 2025-04-18 09:58:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12412 2025-04-18 11:16:04+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln3ilsuwtjj2 2025-04-18 16:34:34+00:00| seen|...

6.4CVSS7.8AI score0.00364EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/18 9:21 a.m.10 views

CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00364EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/18 9:21 a.m.30 views

CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00364EPSS
Exploits0References4
CVE
CVE
added 2025/04/18 9:21 a.m.77 views

CVE-2025-3106

CVE-2025-3106 affects LA-Studio Element Kit for Elementor (WordPress) up to version 1.4.9, enabling Stored Cross-Site Scripting via the Table of Contents widget when a contributor+ user supplies crafted attributes. Root cause: insufficient input sanitization and output escaping on user-provided a...

6.4CVSS5.7AI score0.00364EPSS
Exploits0References4
Rows per page
Query Builder