Lucene search
K

171 matches found

ATTACKERKB
ATTACKERKB
added 2024/08/23 9:15 a.m.2 views

CVE-2024-5502

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS6.1AI score0.00303EPSS
Exploits0References6
NVD
NVD
added 2024/08/23 9:15 a.m.16 views

CVE-2024-5502

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00303EPSS
Exploits0References5
OSV
OSV
added 2024/08/23 9:15 a.m.6 views

CVE-2024-5502

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS6AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.7 views

PT-2024-36461 · WordPress · Piotnet Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Piotnet Addons For Elementor plugin for WordPress versions 1.0 through 2.4.30 Description: The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and...

6.4CVSS5.9AI score0.00303EPSS
Exploits0References17
Patchstack
Patchstack
added 2024/07/01 3:50 a.m.5 views

WordPress Happy Addons for Elementor plugin <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gradient Heading Widget vulnerability discovered by wesley wcraft in WordPress Plugin Happy Addons for Elementor versions = 3.11.1...

6.4CVSS5.8AI score0.00332EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/29 7:15 a.m.5 views

CVE-2024-5790

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.00332EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/29 7:5 a.m.13 views

CVE-2024-5790 Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00332EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/29 12:0 a.m.6 views

PT-2024-37156 · WordPress · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.11.1 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the plugin's Gradient Heading widget due to insufficient input...

6.4CVSS6.2AI score0.00332EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2024/06/25 2:15 p.m.2 views

CVE-2024-5451

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS6.1AI score0.00326EPSS
Exploits0References4
OSV
OSV
added 2024/06/04 6:15 a.m.4 views

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headingtag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00349EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/03 12:0 a.m.7 views

PT-2024-32308 · WordPress · The Cowidgets – Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Cowidgets – Elementor Addons plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting via the heading tag parameter due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00349EPSS
Exploits0References8
OSV
OSV
added 2024/05/30 6:15 a.m.10 views

CVE-2024-5341

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes...

5.4CVSS5.9AI score0.00273EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/05/30 6:15 a.m.3 views

CVE-2024-5341

The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS6.1AI score0.00273EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.4 views

PT-2024-35733 · WordPress · The Plus Addons For Elementor Page Builder

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder plugin for WordPress versions up to, and including, 5.5.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the size...

6.4CVSS6.8AI score0.00273EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/05/29 11:57 p.m.8 views

WordPress The Plus Addons for Elementor Pro plugin <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Heading Title Widget vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Pro versions = 5.5.4...

6.4CVSS5.8AI score0.00273EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/15 3:15 a.m.2 views

CVE-2024-4208

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user...

5.4CVSS5.9AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.11 views

PT-2024-29734 · Kadence Wp · Gutenberg Blocks With Ai By Kadence Wp

Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.2.37 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes i...

6.4CVSS6.9AI score0.00265EPSS
Exploits0References6
OSV
OSV
added 2024/05/14 3:42 p.m.4 views

CVE-2024-3831

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS6AI score0.00429EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/09 6:45 a.m.5 views

WordPress Enter Addons plugin <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Heading widget vulnerability discovered by Sebastião Gavião Sebastgav in WordPress Plugin Enter Addons versions = 2.1.5...

6.4CVSS5.2AI score0.00429EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.5 views

PT-2024-27938 · WordPress · Enter Addons – Ultimate Template Builder For Elementor

Name of the Vulnerable Software and Affected Versions: Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress versions up to, and including, 2.1.5 Description: The issue is related to Stored Cross-Site Scripting via the Heading widget due to insufficient input sanitization an...

6.4CVSS6.2AI score0.00429EPSS
Exploits0References5
Rows per page
Query Builder