9 matches found
EUVD-2023-12359
Malicious code in bioql PyPI...
EUVD-2022-52063
Malicious code in bioql PyPI...
CVE-2024-13113
The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2024-5666
CVE-2024-5666 affects Extensions for Elementor (WordPress) through a vulnerability in the EE Button widget’s url parameter, enabling Stored XSS via insufficient input sanitization and output escaping. Affected versions: all up to and including 2.0.30. Exploitation requires authenticated access (Contribu...
Cross site scripting
The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-25027
CVE-2021-25027 affects the WordPress plugin PowerPack Addons for Elementor (versions before 2.6.2). The issue is a failure to escape the tab parameter when outputting it back into an HTML attribute in the admin dashboard, resulting in a reflected Cross-Site Scripting vulnerability. Impact describ...
CVE-2021-24292
The Happy Addons for Elementor WordPress plugin before 2.24.0 and the Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget...
Cross site scripting
The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method...
CVE-2020-20634
Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog...