Lucene search
+L

8 matches found

Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00252EPSS
Exploits0References9
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43611

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.2AI score0.00252EPSS
Exploits0References9
CVE
CVE
added 5 days ago9 views

CVE-2026-11390

Vulnerability summary (CVE-2026-11390): News Kit Addons For Elementor (WordPress) versions up to 1.4.6 are affected by a stored cross-site scripting (XSS) flaw in the Site Logo Title and Single Author Box widgets. The root cause is insufficient input sanitization and output escaping. Exploitation...

6.4CVSS6.2AI score0.00252EPSS
Exploits0References9
CNVD
CNVD
added 2021/09/03 12:0 a.m.8 views

WordPress plugin WP Customize Login 'Change Logo Title' cross-site scripting vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up websites on servers supporting PHP and MySQL databases, and can also be used as a content management system CMS. cross-site scripting vulnerability exists in the WordPress plugin WP Customize Login 'Change Log...

1.2AI score
Exploits0References1
OSV
OSV
added 2021/08/30 3:15 p.m.6 views

CVE-2021-24581

The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited...

8.8CVSS7.2AI score
Exploits0References1
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.7 views

WordPress plugin Blue Admin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

8.8CVSS7.6AI score0.04087EPSS
Exploits5References5
Packet Storm
Packet Storm
added 2021/08/04 12:0 a.m.231 views

WordPress WP Customize Login 1.1 Cross Site Scripting

Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Date: 2021-08-03 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

0.2AI score
Exploits0
WPVulnDB
WPVulnDB
added 2021/08/04 12:0 a.m.15 views

WP Customize Login <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin is vulnerable to Authenticated Stored Cross-Site Scripting XSS in the "Change Logo URL" and Change Logo Title" settings...

1.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder