171 matches found
CVE-2024-5502
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-5502
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-5502
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...
PT-2024-36461 · WordPress · Piotnet Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Piotnet Addons For Elementor plugin for WordPress versions 1.0 through 2.4.30 Description: The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and...
WordPress Happy Addons for Elementor plugin <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Gradient Heading Widget vulnerability discovered by wesley wcraft in WordPress Plugin Happy Addons for Elementor versions = 3.11.1...
CVE-2024-5790
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-5790 Happy Addons for Elementor <= 3.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gradient Heading Widget
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2024-37156 · WordPress · Happy Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.11.1 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the plugin's Gradient Heading widget due to insufficient input...
CVE-2024-5451
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...
CVE-2024-4697
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headingtag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-32308 · WordPress · The Cowidgets – Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Cowidgets – Elementor Addons plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting via the heading tag parameter due to insufficient input sanitization and output...
CVE-2024-5341
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-5341
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes...
PT-2024-35733 · WordPress · The Plus Addons For Elementor Page Builder
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder plugin for WordPress versions up to, and including, 5.5.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the size...
WordPress The Plus Addons for Elementor Pro plugin <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Heading Title Widget vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Pro versions = 5.5.4...
CVE-2024-4208
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user...
PT-2024-29734 · Kadence Wp · Gutenberg Blocks With Ai By Kadence Wp
Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.2.37 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes i...
CVE-2024-3831
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Enter Addons plugin <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Heading widget vulnerability discovered by Sebastião Gavião Sebastgav in WordPress Plugin Enter Addons versions = 2.1.5...
PT-2024-27938 · WordPress · Enter Addons – Ultimate Template Builder For Elementor
Name of the Vulnerable Software and Affected Versions: Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress versions up to, and including, 2.1.5 Description: The issue is related to Stored Cross-Site Scripting via the Heading widget due to insufficient input sanitization an...