Lucene search
+L

526 matches found

Vulnrichment
Vulnrichment
added 2025/09/06 2:24 a.m.2 views

CVE-2025-8360 LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 1.5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS4.7AI score0.00216EPSS
Exploits0References3
CVE
CVE
added 2025/09/06 2:24 a.m.22 views

CVE-2025-8360

CVE-2025-8360 : LA-Studio Element Kit for Elementor (WordPress) is vulnerable to Stored Cross-Site Scripting via multiple widgets. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attacker with contributor-level access or...

6.4CVSS4.7AI score0.00216EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/06 2:24 a.m.9 views

CVE-2025-8360 LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 1.5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS0.00216EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/06 12:0 a.m.4 views

WordPress plugin LA-Studio Element Kit for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.7AI score0.00216EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/06 12:0 a.m.4 views

PT-2025-36350

Name of the Vulnerable Software and Affected Versions: LA-Studio Element Kit for Elementor plugin for WordPress versions up to and including 1.5.5.1 Description: The LA-Studio Element Kit for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple widgets. Th...

6.4CVSS5.1AI score0.00216EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.3 views

Malicious code in @zalastax/nolb-lion-la (npm)

The package @zalastax/nolb-lion-la was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/09/05 5:10 p.m.1 views

MAL-2025-43322 Malicious code in @zalastax/nolb-lion-la (npm)

The package @zalastax/nolb-lion-la was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in la-interactive-readerui (npm)

The package la-interactive-readerui was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in la-widget-login (npm)

The package la-widget-login was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-24859 Malicious code in la-widget-login (npm)

The package la-widget-login was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.6 views

MAL-2025-24858 Malicious code in la-interactive-readerui (npm)

The package la-interactive-readerui was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/16 12:28 p.m.3 views

Malicious code in @hub-la/payments-proto (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 788034b39545c288d45be9fa12e76155c224c8537b86eed7b0aaf0cf4e501908 The OpenSSF Package Analysis project identified...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/19 11:6 a.m.8 views

Self-Driving Car Video Footage

Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and...

7.2AI score
Exploits0
NVD
NVD
added 2025/05/30 12:15 p.m.13 views

CVE-2025-4944

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/30 11:15 a.m.6 views

CVE-2025-4944 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.8AI score0.00237EPSS
Exploits0References3
CVE
CVE
added 2025/05/30 11:15 a.m.52 views

CVE-2025-4944

CVE-2025-4944 covers the LA-Studio Element Kit for Elementor WordPress plugin. It is vulnerable to stored XSS in all versions up to 1.5.2 via Image Compare and Google Maps widgets due to insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability allows auth...

6.4CVSS5.7AI score0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/30 11:15 a.m.19 views

CVE-2025-4944 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00237EPSS
Exploits0References3
NVD
NVD
added 2025/05/30 7:15 a.m.21 views

CVE-2025-4943

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00231EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/05/30 6:57 a.m.8 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability discovered by Robert DeVore in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.2...

6.4CVSS5.5AI score0.00237EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/05/30 6:54 a.m.13 views

WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter vulnerability discovered by Webbernaut in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.2...

6.4CVSS5.5AI score0.00231EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder