Lucene search
+L

526 matches found

RedhatCVE
RedhatCVE
added 2025/04/26 1:5 a.m.12 views

CVE-2025-3106

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00364EPSS
Exploits0References1
NVD
NVD
added 2025/04/24 4:15 p.m.13 views

CVE-2025-46477

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Stored XSS.This issue affects WP Customize Login Page: from n/a through = 1.6.5...

5.9CVSS0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/24 4:9 p.m.7 views

CVE-2025-46477 WordPress WP Customize Login Page plugin <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Stored XSS.This issue affects WP Customize Login Page: from n/a through = 1.6.5...

5.9CVSS8.6AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2025/04/24 4:9 p.m.48 views

CVE-2025-46477

CVE-2025-46477 : WordPress plugin WP Customize Login Page

5.9CVSS7.2AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.7 views

PT-2025-17798 · WordPress · Carlo La Pera Wp Customize Login Page

Name of the Vulnerable Software and Affected Versions: Carlo La Pera WP Customize Login Page versions 1.6.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists ACLs. This mean...

5.3CVSS6AI score0.00298EPSS
Exploits0References3
NVD
NVD
added 2025/04/18 10:15 a.m.16 views

CVE-2025-3106

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00364EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/18 9:21 a.m.10 views

CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00364EPSS
Exploits0References4
CVE
CVE
added 2025/04/18 9:21 a.m.77 views

CVE-2025-3106

CVE-2025-3106 affects LA-Studio Element Kit for Elementor (WordPress) up to version 1.4.9, enabling Stored Cross-Site Scripting via the Table of Contents widget when a contributor+ user supplies crafted attributes. Root cause: insufficient input sanitization and output escaping on user-provided a...

6.4CVSS5.7AI score0.00364EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.5 views

WordPress plugin LA-Studio Element Kit for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS7.5AI score0.00364EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.7 views

PT-2025-17290 · WordPress · La-Studio Element Kit For Elementor

Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to, and including, 1.4.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Table of Contents widget due to insufficient input sanitization an...

6.4CVSS7.8AI score0.00364EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/04/06 5:1 p.m.12 views

CVE-2025-32194

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.5.1...

6.5CVSS7.2AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2025/04/04 4:15 p.m.5 views

CVE-2025-32194

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.5.1...

6.5CVSS0.00367EPSS
Exploits0References1
CVE
CVE
added 2025/04/04 3:59 p.m.53 views

CVE-2025-32194

CVE-2025-32194 is a Stored XSS vulnerability in LA-Studio Element Kit for Elementor. Connected docs confirm the issue affects LA-Studio Element Kit for Elementor and specifically versions up to 1.5.1 (the Wordfence entry lists “LA-Studio Element Kit for Elementor

6.5CVSS7.2AI score0.00367EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/04 3:59 p.m.10 views

CVE-2025-32194 WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.5.1...

6.5CVSS7.2AI score0.00367EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/04 3:59 p.m.18 views

CVE-2025-32194 WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.5.1...

6.5CVSS0.00367EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/04 1:30 p.m.7 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.1...

6.5CVSS6.9AI score0.00367EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/04 12:0 a.m.5 views

PT-2025-14976 · Unknown · La-Studio Element Kit For Elementor

Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor versions 1.4.9 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

6.5CVSS6.8AI score0.00367EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.4 views

WordPress plugin LA-Studio Element Kit for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS6.5AI score0.00367EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:43 a.m.12 views

CVE-2024-37479

Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progresstype" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1...

8.5CVSS7AI score0.00443EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 1:15 p.m.23 views

CVE-2023-50884

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through = 1.1.5...

6.5CVSS0.00548EPSS
Exploits0References1
Rows per page
Query Builder