EUVD-2025-4722

Malicious code in bioql PyPI...

CVE-2024-13854

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

CVE-2024-13854

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

CVE-2024-13854

CVE-2024-13854 affects Education Addon for Elementor (WordPress) up to version 1.3.1 and is caused by insecure direct object reference via the naedu_elementor_template shortcode due to missing validation on a user-controlled key. This allows authenticated attackers with Contributor+ privileges to...

CVE-2024-13854 Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

CVE-2024-13854 Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

WordPress plugin Education Addon for Elementor 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...

WordPress Education Addon for Elementor plugin <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode vulnerability

Authenticated Contributor+ Insecure Direct Object Reference via naeduelementortemplate Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Education Addon for Elementor versions = 1.3.1...

WordPress Education Addon for Elementor Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Education Addon for Elementor Type Plugin Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2269d28441b4 Credits Rafie Muhammad...

WordPress Education Addon for Elementor plugin <= 1.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Education Addon for Elementor plugin versions = 1.1. Solution Update the WordPress Education Addon for Elementor plugin to the latest available version at least 1.2...

WordPress Education Addon for Elementor plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Education Addon for Elementor plugin versions = 1.1. Solution Update the WordPress Education Addon for Elementor plugin to the latest available version at least 1.2...