285 matches found
CVE-2024-3499
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generatenavigationmarkup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2024-3500 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets
The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...
CVE-2024-3500
This CVE (CVE-2024-3500) concerns ElementsKit Pro for WordPress. The vulnerability is Local File Inclusion via the Price Menu, Hotspot, and Advanced Toggle widgets in all versions up to 3.6.0. An authenticated attacker with contributor-level access or higher can include and execute arbitrary PHP ...
CVE-2024-3650
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions 3.0.7 through 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-3650
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions 3.0.7 through 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-3650
CVE-2024-3650 affects ElementsKit Elementor addons for WordPress. The issue is Stored XSS in Image Accordion widget across versions 3.0.7–3.1.2, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling an at...
CVE-2024-3499
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generatenavigationmarkup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2024-3499 ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generatenavigationmarkup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2024-3499
The CVE-2024-3499 entry concerns ElementsKit Elementor addons and Templates Library for WordPress. Impact arises from a Local File Inclusion in the Onepage Scroll module’s generate_navigation_markup function, enabling an authenticated attacker with contributor+ privileges to include and execute a...
PT-2024-26287 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server. This can be used to...
WordPress Plugin ElementsKit Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin ElementsKit Elementor addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin ElementsKit Elementor addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-26279 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions prior to 3.1.1 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the generate...
WordPress ElementsKit Elementor addons plugin <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Accordion Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elements kit Elementor addons versions = 3.1.2...
WordPress ElementsKit Pro plugin <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets vulnerability
Authenticated Contributor+ Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets vulnerability discovered by Webbernaut in WordPress Plugin ElementsKit Pro versions = 3.6.0...
WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Local File Inclusion
Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3500 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 23f884009c74 Credits Webbernaut Required privilege Contributor...
WordPress ElementsKit Elementor addons plugin <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module vulnerability
Authenticated Contributor+ Local File Inclusion via Onepage Scroll Module vulnerability discovered by Webbernaut in WordPress Plugin Elements kit Elementor addons versions = 3.1.0...
CVE-2024-3598
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2024-3598
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...