19 matches found
CVE-2026-1512
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-1512
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-1512
CVE-2026-1512 maps to a vulnerability in the WordPress plugin Essential Addons for Elementor, specifically versions 6.5.9 and earlier. The issue is Authenticated (Contributor+) Stored Cross-Site Scripting via the Info Box Widget. The connected document confirms the vulnerability class and affecte...
CVE-2026-1512
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-1512 Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-1512 Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied...
PT-2026-8101
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied...
WordPress Essential Addons for Elementor plugin <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Info Box Widget vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Essential Addons for Elementor versions = 6.5.9...
CVE-2024-1768
The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2022-1294
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the...
VulnCheck KEV: CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately,...
CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the...
CVE-2021-4332 The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the...
WordPress IMDB info box plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress IMDB info box plugin has a cross-site scripting vulnerability that stems from failure to clean and...
CVE-2022-1294
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-1294 IMDB info box <= 2.0 - Admin+ Stored Cross-Site Scripting
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress IMDB Info Box plugin <= 2.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress IMDB Info Box plugin versions = 2.0. Solution Deactivate and delete. This plugin has been closed as of April 11, 2022 and is not available for download. This closure is temporary, pending a full review...
IMDB info box <= 2.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed As administrator, put the following payload in any of the plugin's settings and save: "alert/XSS/;...