56 matches found
CVE-2025-0371
CVE-2025-0371 concerns the WordPress JetElements plugin, with stored cross-site scripting in multiple widgets in all versions up to 2.7.2.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attacker (contributor level or ...
WordPress plugin Hash Elements cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Hash...
WordPress plugin Envato Elements code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-10802
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hashelementsgetpoststitlebyid function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that...
PT-2024-16561 · WordPress · Hash Elements
Name of the Vulnerable Software and Affected Versions: Hash Elements plugin for WordPress versions up to, and including, 1.4.7. Description: The issue is related to unauthorized access of data due to a missing capability check on the hash elements get posts title by id function. This allows...
WordPress Mega Elements Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Mega Elements; Type: Plugin; Vulnerable versions: <= 1.2.4; Fixed in: 1.2.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47343; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 1be74e6ef4a6; Credits: João Pedro S Alcântara Kinorth; Required...
CVE-2024-6166
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addonsorder’ parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress Mega Elements Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Mega Elements; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37466; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 2dbf20c7c841; Credits: João Pedro S Alcântara Kinorth; Required...
CVE-2024-4702
CVE-2024-4702 refers to a Stored Cross-Site Scripting flaw in the Mega Elements – Addons for Elementor WordPress plugin. The issue arises in the Button widget, due to insufficient input sanitization and output escaping on user-supplied attributes, enabling an attacker with contributor-level acces...
CVE-2024-2662
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets. This makes it...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions...
CVE-2022-47139 WordPress WP Basic Elements Plugin <= 5.2.15 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions...
WordPress WP Basic Elements Plugin <= 5.2.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Basic Elements; Type: Plugin; Vulnerable versions: <= 5.2.15; Fixed in: 5.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47139; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: ecb46d9d2adc; Credits: rezaduty; Require...
WordPress plugin Envato Elements code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2023-0487 My Sticky Elements < 2.0.9 - Admin+ SQLi
The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2022-0693
The Master Elements WordPress plugin through 8.0 does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection...