WordPress plugin UltraAddons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Sky Addons for Elementor 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

WordPress Hash Elements plugin <= 1.4.7 - Missing Authorization to Unauthenticated Draft Post Title Exposure vulnerability

Missing Authorization to Unauthenticated Draft Post Title Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Hash Elements versions = 1.4.7...

CVE-2024-10802

The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hashelementsgetpoststitlebyid function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that...

CVE-2024-10794 Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVE-2024-10778

The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticat...

CVE-2024-10778

CVE-2024-10778 : BuddyPress Builder for Elementor – BuddyBuilder (WordPress plugin) is vulnerable to information exposure in all versions up to 1.7.4 via the shortCode “elementor-template.” The issue arises from insufficient restrictions on which posts can be included, allowing authenticated atta...

CVE-2024-10695

The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

PT-2024-16561 · WordPress · Hash Elements

Name of the Vulnerable Software and Affected Versions: Hash Elements plugin for WordPress versions up to, and including, 1.4.7 Description: The issue is related to unauthorized access of data due to a missing capability check on the hash elements get posts title by id function. This allows...

PT-2024-39687 · WordPress · Sky Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Sky Addons for Elementor plugin for WordPress versions up to, and including, 2.6.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft Elementor...

CVE-2024-10352

The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the getcontenttype function in includes/widgets/content-reveal.php. This makes it possible for authenticated attackers, with Contributor-level acce...

WordPress plugin Attesa Extra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Magical Addons For Elementor 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

WordPress plugin Countdown Timer block 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-16469 · Unknown +1 · Skt Addons For Elementor +1

Name of the Vulnerable Software and Affected Versions: SKT Addons for Elementor versions up to, and including, 3.3 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor that they should not ha...

CVE-2024-10319

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php. This makes it possible for authenticated attackers, with...

PT-2024-16218 · WordPress · Move Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor plugin for WordPress versions up to, and including, 1.3.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data v...

PT-2024-39915 · WordPress · Elementinvader Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor plugin for WordPress versions up to, and including, 1.2.9 Description: The issue allows authenticated attackers with contributor-level access and above to view private, draft, and password-protected posts,...

CVE-2024-9351

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'createmodule' function. This makes it possible f...

CVE-2024-9351

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'createmodule' function. This makes it possible f...