Lucene search
K

8 matches found

EUVD
EUVD
added last week7 views

EUVD-2026-41416

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-41409

Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55266

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...

7.1CVSS6AI score0.00207EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/08/13 3:0 a.m.4 views

WordPress Essential Addons for Elementor plugin <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via nomoreitemstext Parameter vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 5.9.27...

6.4CVSS5.8AI score0.00416EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/01 2:7 p.m.3 views

WordPress Essential Addons for Elementor plugin <= 5.9.26 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by wcraft Patchstack Alliance in WordPress Plugin Essential Addons for Elementor versions = 5.9.26...

6.5CVSS6.1AI score0.00279EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/05/29 11:58 p.m.4 views

WordPress Essential Addons for Elementor plugin <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Feed vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.21...

6.4CVSS5.8AI score0.00329EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/14 1:32 a.m.5 views

WordPress Essential Addons for Elementor plugin <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Essential Addons for Elementor versions = 5.9.20...

6.4CVSS5.7AI score0.00441EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.4 views

PT-2024-31931 · Elementor · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor versions up to, and including, 5.9.20 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

6.4CVSS5.9AI score0.00441EPSS
Exploits0References5
Rows per page
Query Builder