Lucene search
K

6 matches found

Cvelist
Cvelist
added 2025/01/30 1:42 p.m.37 views

CVE-2024-8494 Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

4.3CVSS0.00297EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/30 1:42 p.m.9 views

CVE-2024-8494 Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

4.3CVSS6.2AI score0.00297EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/09 8:3 p.m.87 views

CVE-2024-4107 Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00419EPSS
Exploits1References2
NVD
NVD
added 2024/03/27 7:15 a.m.12 views

CVE-2024-1364

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's customid in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/27 6:40 a.m.14 views

CVE-2024-2781 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videohtmltag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/27 6:40 a.m.12 views

CVE-2024-2121 Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

5.4CVSS7.4AI score0.0034EPSS
Exploits0References2
Rows per page
Query Builder