WordPress ElementsKit Pro plugin <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'ekitbtnid' vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin ElementsKit Pro versions = 3.6.0...

CVE-2024-3598

CVE-2024-3598 affects ElementsKit Pro (WordPress) via a Stored Cross-Site Scripting flaw in the Creative Button widget. The issue, present in ElementsKit Pro versions up to 3.6.0, arises from insufficient input sanitization/output escaping for the ekit_btn_id attribute, enabling an authenticated ...

CVE-2024-3598 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

WordPress Plugin ElementsKit Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress ElementsKit Pro Plugin <= 3.6.0 is vulnerable to Cross Site Scripting (XSS)

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3598 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cc1eab59b295 Credits Ngô Thiên An ancorn...

PT-2024-26818 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue is related to Stored Cross-Site Scripting in the Creative Button widget due to insufficient input sanitization and output escaping on user-suppli...

CVE-2024-32505 WordPress ElementsKit Elementor addons plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Roxnor ElementsKit Elementor addons Lite elementskit-lite.This issue affects ElementsKit Elementor addons Lite: from n/a through = 3.0.6...

CVE-2024-32505 WordPress ElementsKit Elementor addons plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wpmet Elements kit Elementor addons allows Stored XSS.This issue affects Elements kit Elementor addons: from n/a through 3.0.6...

WordPress Plugin ElementsKit Elementor addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress ElementsKit Elementor addons plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Elements kit Elementor addons versions = 3.0.6...

CVE-2024-2803

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-2803

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress ElementsKit Elementor addons plugin <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Elements kit Elementor addons versions = 3.0.7...

CVE-2024-2803 ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-2803 ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-2803

CVE-2024-2803 corresponds to ElementsKit Elementor addons and Templates Library in WordPress, where Stored XSS via the countdown widget exists in all versions up to 3.0.6 due to insufficient input sanitization and output escaping. The vulnerability allows authenticated attackers with contributor-...

WordPress Plugin ElementsKit Elementor addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-22224 · WordPress · Elementskit Elementor Addons Plugin

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.6 Description: The issue is related to Stored Cross-Site Scripting via the countdown widget due to insufficient input sanitization and output escaping on...

ElementsKit Elementor addons < 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

Description The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress ElementsKit Elementor addons plugin <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw vulnerability

Authenticated Contributor+ Local File Inclusion in renderraw vulnerability discovered by wesley wcraft in WordPress Plugin Elements kit Elementor addons versions = 3.0.6...