CVE-2023-6525

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2023-6525 ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2023-6525

CVE-2023-6525 affects ElementsKit Elementor addons for WordPress. Vulnerability: Stored XSS in the progress bar element attributes due to insufficient input sanitization and output escaping. Affected versions: all up to and including 3.0.3. Impact: authenticated attackers with editor-level access...

CVE-2024-2042

CVE-2024-2042 is a Stored XSS affecting the ElementsKit Elementor addons plugin for WordPress, via the Image Accordion widget. It affects all versions up to and including 3.0.5 due to insufficient input sanitization and output escaping, enabling authenticated attackers with contributor-level acce...

CVE-2024-2042 ElementsKit Elementor addons <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-2042 ElementsKit Elementor addons <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-1239 ElementsKit Elementor addons <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-1239

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-1239

CVE-2024-1239 affects ElementsKit Elementor addons for WordPress and is a Stored XSS vulnerability present in all versions up to 3.0.4 due to insufficient input sanitization and output escaping. Authenticated attackers with contributor access or higher can inject arbitrary script that executes in...

WordPress Plugin ElementsKit Elementor addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin ElementsKit Elementor addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Plugin ElementsKit Elementor addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-14993 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.3 Description: The issue is related to Stored Cross-Site Scripting via the progress bar element attributes due to insufficient input sanitization and output...

PT-2024-17574 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.4 Description: The issue is related to Stored Cross-Site Scripting via the blog post read more button due to insufficient input sanitization and output...

PT-2024-18662 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.5 Description: The issue is related to Stored Cross-Site Scripting via the Image Accordion widget due to insufficient input sanitization and output escaping...

CVE-2023-6582

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...

CVE-2023-6582

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...

Design/Logic Flaw

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...

CVE-2023-6582

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...

CVE-2023-6582 ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...