PT-2025-3733 · WordPress · Piotnet Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Piotnet Addons For Elementor plugin for WordPress versions up to, and including, 2.4.31 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Heading widget due to insufficient input sanitization and output escapin...

PT-2024-36189 · Unknown · Cryptocurrency Price Widget

Name of the Vulnerable Software and Affected Versions: Cryptocurrency Price Widget versions n/a through 1.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in the Cryptocurrency Pric...

PT-2024-24777 · Unknown · Fahad Mahmood Rss Feed Widget

Name of the Vulnerable Software and Affected Versions: Fahad Mahmood RSS Feed Widget versions 2.9.7 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can injec...

PT-2024-18038 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.5.3 Description: The issue is related to Stored Cross-Site Scripting via the element pack wrapper link attribute of the Trailer Box widget due to...

PT-2024-22521 · WordPress · The Shoplentor

Name of the Vulnerable Software and Affected Versions: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution plugin for WordPress versions up to, and including, 2.8.3 Description: The issue is related to Stored Cross-Site Scripting via the slitems...

PT-2024-23154 · Unknown · Crypto Converter Widget

Name of the Vulnerable Software and Affected Versions: Crypto Converter Widget versions 1.8.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

PT-2024-20776 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.3.6 Liferay DXP 7.3 before service pack 3 Liferay DXP 7.2 before fix pack 13 Description: The Document and Media widget in Liferay Portal does not limit resource consumption when generating a preview...

PT-2023-31791 · Unknown · Sticky Chat Widget

Name of the Vulnerable Software and Affected Versions: Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button versions 1.1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as...