Lucene search
K

2301 matches found

VulnCheck KEV
VulnCheck KEV
added 2021/03/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24206

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

5.4CVSS6AI score0.00746EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/03/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24202

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

5.4CVSS6AI score0.00746EPSS
Exploits2References1
Prion
Prion
added 2021/01/12 7:15 p.m.13 views

Cross site request forgery (csrf)

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages...

4.3CVSS6.6AI score0.009EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/01/06 3:15 p.m.3 views

CVE-2020-36171

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads...

6.1CVSS5.3AI score0.00819EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2021/01/06 12:0 a.m.154 views

Elementor < 3.0.14 - SVG Upload Allowed by Default

The plugin allowed SVG files to be uploaded by default, which might lead to security issues, such as Cross-Site Scripting...

4.3CVSS1.4AI score0.00819EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/08/31 1:15 p.m.1 views

CVE-2020-15020

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field...

5.4CVSS7AI score0.65037EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2020/08/31 1:15 p.m.9 views

CVE-2020-15020

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field...

8.8CVSS7.1AI score0.65037EPSS
Exploits2References5
Cvelist
Cvelist
added 2020/08/31 12:27 p.m.21 views

CVE-2020-15020

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field...

5.9AI score0.00691EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2020/08/31 12:0 a.m.3 views

PT-2020-14124 · Elementor · Elementor

Name of the Vulnerable Software and Affected Versions: Elementor plugin versions prior to 2.9.14 Description: An issue allows an authenticated attacker to achieve stored XSS via the Name Your Template field. Recommendations: For Elementor plugin versions prior to 2.9.14, update to version 2.9.14 ...

8.8CVSS6.6AI score0.65037EPSS
Exploits2References4
CNVD
CNVD
added 2020/02/12 12:0 a.m.6 views

WordPress Elementor Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. elementor is a drag-and-drop page builder plugin used in it. A cross-site scripting vulnerability exists in the WordPress Elementor...

5.4CVSS6.3AI score0.01288EPSS
Exploits2References1
OSV
OSV
added 2020/01/28 11:15 p.m.5 views

CVE-2020-8426

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user...

5.4CVSS6.1AI score0.01288EPSS
Exploits2References3
NVD
NVD
added 2020/01/28 11:15 p.m.30 views

CVE-2020-8426

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user...

5.4CVSS5.3AI score0.01288EPSS
Exploits2References3
Prion
Prion
added 2020/01/28 11:15 p.m.18 views

Cross site scripting

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user...

3.5CVSS5.2AI score0.01288EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2020/01/28 10:26 p.m.33 views

CVE-2020-8426

The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user...

5.2AI score0.01288EPSS
Exploits2References3
CVE
CVE
added 2020/01/28 10:26 p.m.138 views

CVE-2020-8426

CVE-2020-8426 describes a reflected XSS in the WordPress Elementor Page Builder plugin (versions prior to 2.8.5) on the elementor-system-info page. The vulnerability is exploitable by an authenticated user; no public exploit details are provided in the supplied documents. Affected component is th...

5.4CVSS5.2AI score0.01288EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2019/09/10 11:15 a.m.4 views

CVE-2017-18596

The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions...

8.8CVSS5.8AI score0.01381EPSS
Exploits0References2
NVD
NVD
added 2019/09/10 11:15 a.m.15 views

CVE-2017-18596

The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions...

8.8CVSS8.8AI score0.01381EPSS
Exploits0References2
Prion
Prion
added 2019/09/10 11:15 a.m.18 views

Design/Logic Flaw

The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions...

6.5CVSS8.7AI score0.01381EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/09/10 10:55 a.m.28 views

CVE-2017-18596

The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions...

8.8AI score0.01381EPSS
Exploits0References2
CNVD
CNVD
added 2019/09/02 12:0 a.m.1 views

WordPress sina-extension-for-elementor plugin path traversal vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sina-extension-for-elementor is a webpage builder plugin used in it. A path traversal vulnerability exists in versions of the WordPres...

7.5CVSS6.7AI score0.02386EPSS
Exploits0References1
Rows per page
Query Builder