526 matches found
CVE-2025-8360 LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 1.5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-8360
CVE-2025-8360 : LA-Studio Element Kit for Elementor (WordPress) is vulnerable to Stored Cross-Site Scripting via multiple widgets. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attacker with contributor-level access or...
CVE-2025-8360 LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 1.5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
WordPress plugin LA-Studio Element Kit for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-36350
Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to and including 1.5.5.1 Description: The LA-Studio Element Kit for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple widgets. Th...
Malicious code in @zalastax/nolb-lion-la (npm)
The package @zalastax/nolb-lion-la was found to contain malicious code...
MAL-2025-43322 Malicious code in @zalastax/nolb-lion-la (npm)
The package @zalastax/nolb-lion-la was found to contain malicious code...
Malicious code in la-interactive-readerui (npm)
The package la-interactive-readerui was found to contain malicious code...
Malicious code in la-widget-login (npm)
The package la-widget-login was found to contain malicious code...
MAL-2025-24859 Malicious code in la-widget-login (npm)
The package la-widget-login was found to contain malicious code...
MAL-2025-24858 Malicious code in la-interactive-readerui (npm)
The package la-interactive-readerui was found to contain malicious code...
Malicious code in @hub-la/payments-proto (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 788034b39545c288d45be9fa12e76155c224c8537b86eed7b0aaf0cf4e501908 The OpenSSF Package Analysis project identified...
Self-Driving Car Video Footage
Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and...
CVE-2025-4944
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-4944 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-4944
CVE-2025-4944 covers the LA-Studio Element Kit for Elementor WordPress plugin. It is vulnerable to stored XSS in all versions up to 1.5.2 via Image Compare and Google Maps widgets due to insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability allows auth...
CVE-2025-4944 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-4943
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability discovered by Robert DeVore in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.2...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter vulnerability discovered by Webbernaut in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.2...