5 matches found
CVE-2025-3106
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-3106
creationtimestamp| type| source ---|---|--- 2025-04-18 09:58:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12412 2025-04-18 11:16:04+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln3ilsuwtjj2 2025-04-18 16:34:34+00:00| seen|...
CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-3106
CVE-2025-3106 affects LA-Studio Element Kit for Elementor (WordPress) up to version 1.4.9, enabling Stored Cross-Site Scripting via the Table of Contents widget when a contributor+ user supplies crafted attributes. Root cause: insufficient input sanitization and output escaping on user-provided a...