CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

WPVulnDB•added 2024/04/01 12:0 a.m.•14 views

ElementsKit Elementor addons < 3.0.7 - Contributor+ Local File Inclusion

Description The plugin is vulnerable to Local File Inclusion via the renderraw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...

8.8CVSS7.6AI score0.01624EPSS

NVD•added 2024/03/30 5:15 a.m.•12 views

CVE-2024-2047

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the renderraw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files o...

8.8CVSS8.9AI score0.01624EPSS

OSV•added 2024/03/30 5:15 a.m.•1 views

CVE-2024-2047

8.8CVSS6.3AI score0.01624EPSS

OSV•added 2024/03/30 5:15 a.m.•4 views

CVE-2024-1238

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contribut...

5.4CVSS7.4AI score0.00256EPSS

NVD•added 2024/03/30 5:15 a.m.•8 views

CVE-2024-1238

6.4CVSS5.8AI score0.00256EPSS

Vulnrichment•added 2024/03/30 4:31 a.m.•10 views

CVE-2024-1238

6.4CVSS5.8AI score0.00256EPSS

CVE•added 2024/03/30 4:31 a.m.•53 views

CVE-2024-1238

CVE-2024-1238 affects ElementsKit Elementor addons and Templates Library for WordPress. It is a Stored XSS via the button ID parameter caused by insufficient input sanitization and output escaping, impacting all versions up to 3.0.6. Exploitation requires authentication (contributors+). Reported ...

6.4CVSS7.4AI score0.00256EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/03/30 4:31 a.m.•15 views

CVE-2024-2047 ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw

8.8CVSS9.1AI score0.01624EPSS

CVE•added 2024/03/30 4:31 a.m.•73 views

CVE-2024-2047

The CVE-2024-2047 entry affects ElementsKit Elementor addons and Templates Library (ElementsKit Lite) for WordPress. The root cause is Local File Inclusion via render_raw in all versions up to 3.0.6. This allows an authenticated attacker with contributor+ privileges to include and execute arbitra...

8.8CVSS9.5AI score0.01624EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2024/03/30 4:31 a.m.•18 views

CVE-2024-2047 ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw

8.8CVSS7.8AI score0.01624EPSS

CNNVD•added 2024/03/30 12:0 a.m.•4 views

WordPress Plugin ElementsKit Elementor addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS7.6AI score0.00256EPSS

Positive Technologies•added 2024/03/30 12:0 a.m.•6 views

PT-2024-18666 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.6 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the...

8.8CVSS9.7AI score0.01624EPSS

Exploits0References7

CNNVD•added 2024/03/30 12:0 a.m.•14 views

WordPress Plugin ElementsKit Elementor addons 安全漏洞

8.8CVSS7.9AI score0.01624EPSS

Exploits0References4

WPVulnDB•added 2024/03/18 12:0 a.m.•19 views

ElementsKit Elementor addons < 3.0.4 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

5.5CVSS5.9AI score0.00149EPSS

WPVulnDB•added 2024/03/18 12:0 a.m.•13 views

ElementsKit Elementor addons < 3.0.5 - Contributor+ Stored XSS

6.4CVSS5.9AI score0.00207EPSS

OSV•added 2024/03/16 3:15 a.m.•0 views

CVE-2024-2042

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score

OSV•added 2024/03/16 3:15 a.m.•2 views

CVE-2024-1239

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00207EPSS

OSV•added 2024/03/16 3:15 a.m.•1 views

CVE-2023-6525

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

4.8CVSS7.3AI score0.00149EPSS

NVD•added 2024/03/16 3:15 a.m.•10 views

CVE-2024-1239

6.4CVSS5.7AI score0.00207EPSS