CVE-2024-5349

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'mapstyle' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

CVE-2019-16523

The events-manager plugin through 5.9.5 for WordPress aka Events Manager is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute mapstyle of shortcodes locationsmap and eventsmap provided by the plugin...