526 matches found
CVE-2025-3106
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-46477
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Stored XSS.This issue affects WP Customize Login Page: from n/a through = 1.6.5...
CVE-2025-46477 WordPress WP Customize Login Page plugin <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Stored XSS.This issue affects WP Customize Login Page: from n/a through = 1.6.5...
CVE-2025-46477
CVE-2025-46477 : WordPress plugin WP Customize Login Page
PT-2025-17798 · WordPress · Carlo La Pera Wp Customize Login Page
Name of the Vulnerable Software and Affected Versions: Carlo La Pera WP Customize Login Page versions 1.6.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists ACLs. This mean...
CVE-2025-3106
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-3106
CVE-2025-3106 affects LA-Studio Element Kit for Elementor (WordPress) up to version 1.4.9, enabling Stored Cross-Site Scripting via the Table of Contents widget when a contributor+ user supplies crafted attributes. Root cause: insufficient input sanitization and output escaping on user-provided a...
WordPress plugin LA-Studio Element Kit for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-17290 · WordPress · La-Studio Element Kit For Elementor
Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to, and including, 1.4.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Table of Contents widget due to insufficient input sanitization an...
CVE-2025-32194
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.5.1...
CVE-2025-32194
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.5.1...
CVE-2025-32194
CVE-2025-32194 is a Stored XSS vulnerability in LA-Studio Element Kit for Elementor. Connected docs confirm the issue affects LA-Studio Element Kit for Elementor and specifically versions up to 1.5.1 (the Wordfence entry lists “LA-Studio Element Kit for Elementor
CVE-2025-32194 WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.5.1...
CVE-2025-32194 WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.5.1...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Michael in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.1...
PT-2025-14976 · Unknown · La-Studio Element Kit For Elementor
Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor versions 1.4.9 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
WordPress plugin LA-Studio Element Kit for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-37479
Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progresstype" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1...
CVE-2023-50884
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.1.5...