CVE-2024-43996 WordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0...

CVE-2024-43996

CVE-2024-43996 affects WordPress ElementsKit Pro plugin versions through 3.6.0. The vulnerability is Local File Inclusion caused by improper limitation of a pathname to a restricted directory (Path Traversal) in ElementsKit Pro. Impact is PHP Local File Inclusion with a base CVSS v3.1 score of 6....

WordPress plugin ElementsKit Pro 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

PT-2024-30861 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro versions through 3.6.0 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, which allows PHP Local File Inclusion. This could...

WordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin ElementsKit Pro versions = 3.6.0...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Local File Inclusion

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43996 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8da27be920b8 Credits Ngô Thiên An ancorn from VNPT-VCI Required...

CVE-2024-7064

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...

CVE-2024-7064

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...

CVE-2024-7063

The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'renderraw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private,...

CVE-2024-7063

The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'renderraw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private,...

CVE-2024-7063

CVE-2024-7063 affects ElementsKit Pro for WordPress, with Sensitive Information Exposure via render_raw in all versions up to 3.6.6. The issue requires authentication (Contributor+), allowing an authenticated user to exfiltrate sensitive data such as private, future, and draft posts. Connected so...

CVE-2024-7064

The CVE-2024-7064 entry concerns ElementsKit Pro for WordPress. It describes a Stored Cross-Site Scripting vulnerability in multiple parameters due to insufficient input sanitization and output escaping, affecting all versions up to 3.6.5. Exploitation requires authentication at Contributor level...

WordPress ElementsKit Pro plugin <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin ElementsKit Pro versions = 3.6.5...

WordPress ElementsKit Pro plugin <= 3.6.6 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Webbernaut in WordPress Plugin ElementsKit Pro versions = 3.6.6...

WordPress ElementsKit Pro Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7063 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1543cd49def0 Credits Webbernaut Required...

WordPress plugin ElementsKit Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin ElementsKit Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-38052 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.6 Description: The issue allows authenticated attackers with Contributor-level permissions and above to extract sensitive data, including private, future, and draft posts...

PT-2024-38053 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.5 Description: The issue is related to Stored Cross-Site Scripting via several parameters due to insufficient input sanitization and output escaping. This allows...

WordPress ElementsKit Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.5 Fixed in 3.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7064 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ae540cd84ef6 Credits Webbernaut Required...