Lucene search
K

37 matches found

Cvelist
Cvelist
added 2024/11/21 11:2 a.m.36 views

CVE-2024-9542 Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template

The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-leve...

4.3CVSS0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.5 views

PT-2024-16541 · WordPress · The Theme Builder For Elementor

Name of the Vulnerable Software and Affected Versions: The Theme Builder For Elementor plugin for WordPress versions up to, and including, 1.2.2 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by...

4.3CVSS9.3AI score0.00456EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/16 2:2 a.m.9 views

CVE-2024-10795 Popularis Extra <= 1.2.7 - Authenticated (Contributor+) Post Disclosure

The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.00318EPSS
Exploits0References2
CVE
CVE
added 2024/11/16 2:2 a.m.58 views

CVE-2024-10795

CVE-2024-10795 affects the WordPress plugin Popularis Extra (versions

4.3CVSS4.3AI score0.00318EPSS
Exploits0References2
OSV
OSV
added 2024/11/13 2:15 a.m.4 views

CVE-2024-10778

The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticat...

4.3CVSS7.3AI score0.00469EPSS
Exploits0References2
CVE
CVE
added 2024/11/13 2:2 a.m.58 views

CVE-2024-10778

CVE-2024-10778 : BuddyPress Builder for Elementor – BuddyBuilder (WordPress plugin) is vulnerable to information exposure in all versions up to 1.7.4 via the shortCode “elementor-template.” The issue arises from insufficient restrictions on which posts can be included, allowing authenticated atta...

4.3CVSS4.3AI score0.00469EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/11/12 4:15 a.m.4 views

CVE-2024-10695

The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS7.3AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2024/11/12 3:24 a.m.48 views

CVE-2024-10695

CVE-2024-10695 affects Futurio Extra for WordPress (versions ≤ 2.0.13). The vulnerability is an Information Exposure via the elementor-template shortcode, where authenticated users with Contributor+ access can exfiltrate data from private or draft posts they should not access. The CVSS base score...

4.3CVSS4.3AI score0.003EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/11 12:0 a.m.8 views

PT-2024-16471 · WordPress · Futurio Extra

Name of the Vulnerable Software and Affected Versions: Futurio Extra plugin for WordPress versions up to, and including, 2.0.13 Description: The issue concerns Information Exposure via the elementor-template shortcode due to insufficient restrictions on which posts can be included. This allows...

4.3CVSS9.4AI score0.003EPSS
Exploits0References11
NVD
NVD
added 2024/11/09 5:15 a.m.13 views

CVE-2024-10770

The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS0.003EPSS
Exploits0References2
OSV
OSV
added 2024/11/09 5:15 a.m.3 views

CVE-2024-10770

The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS5.8AI score0.003EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/09 2:55 a.m.6 views

WordPress Magical Addons For Elementor plugin <= 1.2.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Elementor Template vulnerability discovered by Ankit Patel in WordPress Plugin Magical Addons For Elementor versions = 1.2.4...

4.3CVSS7AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/01 1:39 p.m.3 views

WordPress Custom post type templates for Elementor plugin <= 1.10.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Custom post type templates for Elementor versions = 1.10.1...

6.5CVSS5.8AI score0.00233EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2024/10/22 7:36 a.m.32 views

CVE-2024-9541 News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template

The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access...

4.3CVSS0.00335EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/11 11:1 a.m.18 views

CVE-2024-9538 ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template

The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wlfaq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...

4.3CVSS0.00397EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/11 11:1 a.m.11 views

CVE-2024-9538 ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template

The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wlfaq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...

4.3CVSS6.5AI score0.00397EPSS
Exploits0References2
wpexploit
wpexploit
added 2021/11/03 12:0 a.m.123 views

Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Elementor Template Import

The mepimportajaxtemplate AJAX action of the plugin, available to both unauthenticated and authenticated users, is lacking any authorisation and CSRF checks. As a result, unauthenticated user can import arbitrary Elementor template to the blog Legit template:...

7.2AI score
Exploits0
Rows per page
Query Builder