Lucene search
K

11 matches found

Cvelist
Cvelist
added 2024/10/28 5:57 p.m.16 views

CVE-2024-50447 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce envo-elementor-for-woocommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a...

6.5CVSS0.00239EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.9 views

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.19 is vulnerable to Cross Site Scripting (XSS)

Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.19 Fixed in 1.4.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50447 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c4d14cb691 Credits...

6.5CVSS6.3AI score0.00239EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/18 9:12 p.m.8 views

CVE-2024-43292 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.16...

5.9CVSS6.8AI score0.00244EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.9 views

Envo's Elementor Templates & Widgets for WooCommerce < 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.5AI score0.00423EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/13 10:2 a.m.13 views

CVE-2024-35167 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.8...

6.5CVSS6.8AI score0.00423EPSS
Exploits0References1
Prion
Prion
added 2024/02/28 9:15 a.m.18 views

Design/Logic Flaw

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...

4CVSS6.9AI score0.00457EPSS
Exploits0References2
Prion
Prion
added 2024/02/28 9:15 a.m.21 views

Cross site request forgery (csrf)

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...

4.3CVSS4.5AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/28 8:33 a.m.28 views

CVE-2024-0767 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

4.3CVSS4.7AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/28 8:33 a.m.15 views

CVE-2024-0768 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...

4.3CVSS6.7AI score0.00322EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/02/28 12:0 a.m.11 views

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0767 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

4.3CVSS6.6AI score0.00275EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/02/28 12:0 a.m.13 views

WordPress Envo's Elementor Templates & Widgets for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Envo's Elementor Templates & Widgets for WooCommerce Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0768 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

4.3CVSS6.6AI score0.00322EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder