8 matches found
EUVD-2026-41416
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...
EUVD-2026-41409
Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...
PT-2026-55266
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...
WordPress Essential Addons for Elementor plugin <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via nomoreitemstext Parameter vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 5.9.27...
WordPress Essential Addons for Elementor plugin <= 5.9.26 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by wcraft Patchstack Alliance in WordPress Plugin Essential Addons for Elementor versions = 5.9.26...
WordPress Essential Addons for Elementor plugin <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Feed vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.21...
WordPress Essential Addons for Elementor plugin <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Essential Addons for Elementor versions = 5.9.20...
PT-2024-31931 · Elementor · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor versions up to, and including, 5.9.20 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...