Lucene search
K

409 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.6 views

CVE-2024-9867

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' markercontent parameter in all versions up to, and including, 5.10.2 due to insufficient input...

5.4CVSS5.1AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:53 a.m.7 views

CVE-2024-12851

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customattributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to...

6.4CVSS6AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:38 a.m.12 views

CVE-2024-4359

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the rendersvg function...

6.5CVSS6.6AI score0.00507EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:25 a.m.22 views

CVE-2024-0837

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...

6.4CVSS5.8AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:47 a.m.18 views

CVE-2024-9058

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00236EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/16 12:49 p.m.6 views

WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Element Pack Pro versions 8.0.0...

4.3CVSS8.2AI score0.00121EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/28 6:17 a.m.16 views

CVE-2025-1458

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to...

6.4CVSS5.9AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 2025/04/26 6:15 a.m.34 views

CVE-2025-1458

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to...

6.4CVSS0.00179EPSS
Exploits0References2
OSV
OSV
added 2025/04/26 6:15 a.m.5 views

CVE-2025-1458

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to...

5.4CVSS7.4AI score0.00179EPSS
Exploits0References2
CVE
CVE
added 2025/04/26 5:34 a.m.66 views

CVE-2025-1458

CVE-2025-1458 affects the WordPress plugin Element Pack Addons for Elementor (Lite/Pro) up to version 5.10.29. The issue is a stored cross-site scripting (XSS) caused by insufficient input sanitization and output escaping in multiple widgets (e.g., Dual Button, Creative Button, Image Stack). Expl...

6.4CVSS5.7AI score0.00179EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/26 5:34 a.m.10 views

CVE-2025-1458 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to...

6.4CVSS5.7AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/26 5:34 a.m.40 views

CVE-2025-1458 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to...

6.4CVSS0.00179EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/26 12:0 a.m.4 views

PT-2025-17947 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin versions up to, and including, 5.10.29 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitizati...

6.4CVSS6.1AI score0.00179EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/04/26 12:0 a.m.4 views

WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4CVSS6.6AI score0.00179EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/04/25 9:34 p.m.11 views

WordPress Element Pack Elementor Addons plugin <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.29...

6.4CVSS6.3AI score0.00179EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/04/19 4:15 a.m.14 views

CVE-2025-1457

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and including, 5.10.28 due to insufficient input sanitization...

6.4CVSS0.00278EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/19 3:21 a.m.5 views

CVE-2025-1457 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and including, 5.10.28 due to insufficient input sanitization...

6.4CVSS5.8AI score0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/19 3:21 a.m.23 views

CVE-2025-1457 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and including, 5.10.28 due to insufficient input sanitization...

6.4CVSS0.00278EPSS
Exploits0References5
CVE
CVE
added 2025/04/19 3:21 a.m.83 views

CVE-2025-1457

The CVE-2025-1457 entry involves the WordPress plugin Element Pack Addons for Elementor – Free Templates and Widgets (bdthemes-element-pack-lite). It describes a Stored Cross-Site Scripting vulnerability in Wrapper Link, Countdown, and Gallery widgets across versions up to 5.10.28, caused by insu...

6.4CVSS5.8AI score0.00278EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/04/19 12:1 a.m.8 views

WordPress Element Pack Elementor Addons plugin <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions = 5.10.28...

6.4CVSS6.3AI score0.00278EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder