76 matches found
CVE-2024-2618
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.9.1...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection
Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4261 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5d051149eabf Credits stealthcopter...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin < 1.9.8 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Mohamed Azarudheen in WordPress Plugin Contact Form & Lead Form Elementor Builder versions 1.9.8...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.9 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.8.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3637 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c8bf001e4e07 Credits...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.8.9...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.8.9 Fixed in 1.9.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1415 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d325c43fa35f...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.9 is vulnerable to Broken Access Control
Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.8.9 Fixed in 1.9.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1416 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 77bb7d4469de Credits Duc...
CVE-2023-48777
Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1...
CVE-2024-2252 Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-22136
Cross-Site Request Forgery CSRF vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5...
CVE-2024-22136
Cross-Site Request Forgery CSRF vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5...
CVE-2022-23180
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings...
CVE-2022-23179
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Command injection
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings...
Cross site scripting
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-23179 Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-23179 Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress plugin Contact Form & Lead Form Elementor Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-11522 · WordPress · Contact Form & Lead Form Elementor Builder
Name of the Vulnerable Software and Affected Versions: Contact Form & Lead Form Elementor Builder WordPress plugin versions prior to 1.7.4 Description: The issue is related to the lack of authorisation and nonce checks in the plugin, which could allow any authenticated users, such as subscribers,...