Lucene search
K

46 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.8 views

CVE-2024-2619

The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...

5.4CVSS6.2AI score0.00377EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-33303

Malicious code in bioql PyPI...

4.3CVSS8.7AI score0.0049EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-46909

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00401EPSS
Exploits0References4
NVD
NVD
added 2025/08/02 10:15 a.m.6 views

CVE-2025-8488

The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savehfecompatibilityoptioncallback function in all versions up to, and including, 2.4.6. This makes it...

4.3CVSS0.00227EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:30 a.m.5 views

CVE-2024-5006

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:31 a.m.8 views

CVE-2024-10794

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS6.5AI score0.0049EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/23 4:23 a.m.43 views

CVE-2024-11230 Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.003EPSS
Exploits0References3
NVD
NVD
added 2024/11/13 4:15 a.m.15 views

CVE-2024-10794

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS0.0049EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/13 3:20 a.m.16 views

CVE-2024-10794 Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.0049EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/13 3:20 a.m.21 views

CVE-2024-10794 Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS0.0049EPSS
Exploits0References2
CVE
CVE
added 2024/11/13 3:20 a.m.73 views

CVE-2024-10794

CVE-2024-10794 concerns the Boostify Header Footer Builder for Elementor WordPress plugin (affected versions

4.3CVSS4.3AI score0.0049EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.14 views

WordPress Boostify Header Footer Builder for Elementor Plugin <= 1.3.6 is vulnerable to Sensitive Data Exposure

Software Boostify Header Footer Builder for Elementor Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-10794 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8590719f26b7 Credits...

4.3CVSS6.7AI score0.0049EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/11/08 12:15 p.m.6 views

CVE-2024-10325

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00288EPSS
Exploits0References3
NVD
NVD
added 2024/11/08 12:15 p.m.27 views

CVE-2024-10325

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00288EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/08 11:31 a.m.20 views

CVE-2024-10325 Elementor Header & Footer Builder <= 1.6.45 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/08 7:21 a.m.7 views

WordPress Elementor Header & Footer Builder plugin <= 1.6.45 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.45...

6.4CVSS5.8AI score0.00288EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/24 9:15 a.m.5 views

CVE-2024-10050

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfetemplate shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft...

4.3CVSS5.8AI score0.00471EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/24 8:32 a.m.15 views

CVE-2024-10050 Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfetemplate shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft...

4.3CVSS6.4AI score0.00471EPSS
Exploits0References3
CVE
CVE
added 2024/10/24 8:32 a.m.108 views

CVE-2024-10050

CVE-2024-10050 affects Elementor Header & Footer Builder for WordPress up to version 1.6.43, enabling information disclosure via the hfe_template shortcode. Authenticated users with Contributor+ can view Draft, Private, and password‑protected posts they do not own. The vulnerability is documented...

4.3CVSS4.6AI score0.00471EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/10/24 8:32 a.m.18 views

CVE-2024-10050 Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfetemplate shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft...

4.3CVSS0.00471EPSS
Exploits0References3
Rows per page
Query Builder