Lucene search
+L

76 matches found

OSV
OSV
added 2024/05/24 5:15 a.m.7 views

CVE-2024-2618

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS6AI score0.00322EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/23 9:37 a.m.5 views

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.9.1...

5.4CVSS7.1AI score0.00326EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/23 12:0 a.m.17 views

WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection

Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4261 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5d051149eabf Credits stealthcopter...

5.4CVSS6.8AI score0.00326EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/05/03 9:15 a.m.4 views

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin < 1.9.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Mohamed Azarudheen in WordPress Plugin Contact Form & Lead Form Elementor Builder versions 1.9.8...

6.1CVSS6.1AI score0.00472EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/05/03 12:0 a.m.15 views

WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.9 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.8.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3637 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c8bf001e4e07 Credits...

5.7AI score0.00472EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2024/04/15 9:11 a.m.10 views

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.8.9...

4.3CVSS7AI score0.00272EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/15 12:0 a.m.16 views

WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.8.9 Fixed in 1.9.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1415 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d325c43fa35f...

4.3CVSS7AI score0.00267EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/15 12:0 a.m.9 views

WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.9 is vulnerable to Broken Access Control

Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.8.9 Fixed in 1.9.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1416 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 77bb7d4469de Credits Duc...

4.3CVSS6.9AI score0.00272EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/26 9:15 p.m.4 views

CVE-2023-48777

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1...

8.8CVSS5.8AI score0.041EPSS
Exploits3References1
Cvelist
Cvelist
added 2024/03/13 3:27 p.m.32 views

CVE-2024-2252 Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS5.2AI score0.00435EPSS
Exploits0References2
NVD
NVD
added 2024/01/31 2:15 p.m.21 views

CVE-2024-22136

Cross-Site Request Forgery CSRF vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5...

8.8CVSS5.7AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2024/01/31 2:15 p.m.2 views

CVE-2024-22136

Cross-Site Request Forgery CSRF vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5...

8.8CVSS5.8AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2024/01/16 4:15 p.m.4 views

CVE-2022-23180

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings...

4.3CVSS5.8AI score0.0053EPSS
Exploits2References2
OSV
OSV
added 2024/01/16 4:15 p.m.5 views

CVE-2022-23179

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00536EPSS
Exploits2References1
Prion
Prion
added 2024/01/16 4:15 p.m.20 views

Command injection

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings...

4CVSS6.9AI score0.0053EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2024/01/16 4:15 p.m.20 views

Cross site scripting

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.3CVSS6.2AI score0.00536EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 3:52 p.m.6 views

CVE-2022-23179 Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8AI score0.00536EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/01/16 3:52 p.m.26 views

CVE-2022-23179 Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00536EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.3 views

WordPress plugin Contact Form & Lead Form Elementor Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS6.4AI score0.0053EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.4 views

PT-2024-11522 · WordPress · Contact Form & Lead Form Elementor Builder

Name of the Vulnerable Software and Affected Versions: Contact Form & Lead Form Elementor Builder WordPress plugin versions prior to 1.7.4 Description: The issue is related to the lack of authorisation and nonce checks in the plugin, which could allow any authenticated users, such as subscribers,...

4.3CVSS4.4AI score0.0053EPSS
Exploits2References7
Rows per page
Query Builder