58 matches found
WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability
Contributor+ Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Mega Elements versions = 1.2.2...
WordPress Mega Elements Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Mega Elements Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37466 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2dbf20c7c841 Credits João Pedro S Alcântara Kinorth Required...
CVE-2024-4702
The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2024-4702 Mega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2024-4702
CVE-2024-4702 refers to a Stored Cross-Site Scripting flaw in the Mega Elements – Addons for Elementor WordPress plugin. The issue arises in the Button widget, due to insufficient input sanitization and output escaping on user-supplied attributes, enabling an attacker with contributor-level acces...
WordPress Mega Elements plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by stealthcopter in WordPress Plugin Mega Elements versions = 1.2.1...
WordPress Mega Elements Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software Mega Elements Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4702 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ecd07d502745 Credits stealthcopter Required...
WordPress plugin Mega Elements 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
Mega Elements < 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-32575
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.1.9...
CVE-2024-32575
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.1.9...
CVE-2024-32575 WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.1.9...
CVE-2024-32575
CVE-2024-32575 affects Mega Elements – Addons for Elementor. The vulnerability is a Stored Cross-Site Scripting (XSS) in Mega Elements <= 1.1.9. Public sources (Red Hat advisory and Wordfence vulnerability details) confirm the affected product and the issue type. The issue arises from improper...
CVE-2024-32575 WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.1.9...
WordPress Plugin Mega Elements 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2024-24696 · Kraftplugins · Kraftplugins Mega Elements
Name of the Vulnerable Software and Affected Versions: Kraftplugins Mega Elements versions 1.1.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means an attacker can inject malicious scripts into the...
WordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Mega Elements versions = 1.1.9...
WordPress Mega Elements Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software Mega Elements Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b1637cfd5a7d Credits Khalid Yusuf Required privilege...