Lucene search
K

58 matches found

Patchstack
Patchstack
added 2024/07/01 12:5 p.m.4 views

WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability

Contributor+ Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Mega Elements versions = 1.2.2...

6.5CVSS6.1AI score0.00279EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/01 12:0 a.m.10 views

WordPress Mega Elements Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Mega Elements Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37466 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2dbf20c7c841 Credits João Pedro S Alcântara Kinorth Required...

6.5CVSS6.6AI score0.00279EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/05/15 12:15 p.m.5 views

CVE-2024-4702

The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

5.4CVSS5.9AI score0.00334EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/15 11:33 a.m.12 views

CVE-2024-4702 Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS5.8AI score0.00334EPSS
Exploits0References2
CVE
CVE
added 2024/05/15 11:33 a.m.37 views

CVE-2024-4702

CVE-2024-4702 refers to a Stored Cross-Site Scripting flaw in the Mega Elements – Addons for Elementor WordPress plugin. The issue arises in the Button widget, due to insufficient input sanitization and output escaping on user-supplied attributes, enabling an attacker with contributor-level acces...

6.4CVSS5.7AI score0.00334EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/05/15 1:54 a.m.4 views

WordPress Mega Elements plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by stealthcopter in WordPress Plugin Mega Elements versions = 1.2.1...

6.4CVSS5.8AI score0.00334EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/15 12:0 a.m.14 views

WordPress Mega Elements Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Mega Elements Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4702 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ecd07d502745 Credits stealthcopter Required...

6.4CVSS5.8AI score0.00334EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.3 views

WordPress plugin Mega Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4CVSS6AI score0.00334EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.14 views

Mega Elements < 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/18 10:15 a.m.3 views

CVE-2024-32575

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.1.9...

5.4CVSS5.8AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2024/04/18 10:15 a.m.14 views

CVE-2024-32575

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.1.9...

6.5CVSS6.4AI score0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/18 9:35 a.m.19 views

CVE-2024-32575 WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.1.9...

6.5CVSS6.7AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2024/04/18 9:35 a.m.67 views

CVE-2024-32575

CVE-2024-32575 affects Mega Elements – Addons for Elementor. The vulnerability is a Stored Cross-Site Scripting (XSS) in Mega Elements &lt;= 1.1.9. Public sources (Red Hat advisory and Wordfence vulnerability details) confirm the affected product and the issue type. The issue arises from improper...

6.5CVSS5.2AI score0.00317EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/04/18 9:35 a.m.21 views

CVE-2024-32575 WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.1.9...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.5 views

WordPress Plugin Mega Elements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.6 views

PT-2024-24696 · Kraftplugins · Kraftplugins Mega Elements

Name of the Vulnerable Software and Affected Versions: Kraftplugins Mega Elements versions 1.1.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means an attacker can inject malicious scripts into the...

6.5CVSS6.3AI score0.00317EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/04/16 2:43 p.m.5 views

WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Mega Elements versions = 1.1.9...

6.5CVSS6.1AI score0.00317EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/16 12:0 a.m.11 views

WordPress Mega Elements Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Mega Elements Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b1637cfd5a7d Credits Khalid Yusuf Required privilege...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder