37 matches found
CVE-2024-9542 Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template
The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-leve...
PT-2024-16541 · WordPress · The Theme Builder For Elementor
Name of the Vulnerable Software and Affected Versions: The Theme Builder For Elementor plugin for WordPress versions up to, and including, 1.2.2 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by...
CVE-2024-10795 Popularis Extra <= 1.2.7 - Authenticated (Contributor+) Post Disclosure
The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
CVE-2024-10795
CVE-2024-10795 affects the WordPress plugin Popularis Extra (versions
CVE-2024-10778
The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticat...
CVE-2024-10778
CVE-2024-10778 : BuddyPress Builder for Elementor – BuddyBuilder (WordPress plugin) is vulnerable to information exposure in all versions up to 1.7.4 via the shortCode “elementor-template.” The issue arises from insufficient restrictions on which posts can be included, allowing authenticated atta...
CVE-2024-10695
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
CVE-2024-10695
CVE-2024-10695 affects Futurio Extra for WordPress (versions ≤ 2.0.13). The vulnerability is an Information Exposure via the elementor-template shortcode, where authenticated users with Contributor+ access can exfiltrate data from private or draft posts they should not access. The CVSS base score...
PT-2024-16471 · WordPress · Futurio Extra
Name of the Vulnerable Software and Affected Versions: Futurio Extra plugin for WordPress versions up to, and including, 2.0.13 Description: The issue concerns Information Exposure via the elementor-template shortcode due to insufficient restrictions on which posts can be included. This allows...
CVE-2024-10770
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-10770
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...
WordPress Magical Addons For Elementor plugin <= 1.2.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template vulnerability
Authenticated Contributor+ Sensitive Information Exposure via Elementor Template vulnerability discovered by Ankit Patel in WordPress Plugin Magical Addons For Elementor versions = 1.2.4...
WordPress Custom post type templates for Elementor plugin <= 1.10.1 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Custom post type templates for Elementor versions = 1.10.1...
CVE-2024-9541 News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template
The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-9538 ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template
The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wlfaq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...
CVE-2024-9538 ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template
The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wlfaq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...
Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Elementor Template Import
The mepimportajaxtemplate AJAX action of the plugin, available to both unauthenticated and authenticated users, is lacking any authorisation and CSRF checks. As a result, unauthenticated user can import arbitrary Elementor template to the blog Legit template:...