CVE-2024-37466 WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements.This issue affects Mega Elements: from n/a through 1.2.2...

CVE-2024-37466 WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements.This issue affects Mega Elements: from n/a through 1.2.2...

AI device Rabbit r1 logged user interactions without an option to erase them before selling

Rabbit, the manufacturer of the Artificial Intelligence AI assistant r1 has issued a security advisory telling users its found a potential security risk. If a user loses or sells their device, a person in possession of the r1 could potentially jailbreak the device and gain access to files that...

CVE-2024-38706

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in HasThemes HT Mega allows Path Traversal.This issue affects HT Mega: from n/a through 2.5.7...

CVE-2024-38706

Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.5.7...

CVE-2024-38706 WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.5.7...

CVE-2024-38706 WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.5.7...

CVE-2024-38706

Technical details about CVE-2024-38706 are not publicly provided in the connected documents. Please monitor for updates from vendors/affiliates for affected HT Mega versions and remediation status.

WordPress plugin HT Mega path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability

JSON Path Traversal vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin HT Mega versions = 2.5.7...

WordPress HT Mega Plugin <= 2.5.7 is vulnerable to Path Traversal

Software HT Mega Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-38706 Patch priority Medium CVSS severity Medium 6.5 Developer HTMega PSID b18f0032ef99 Credits Rafie Muhammad Patchstack Required privilege...

VulnCheck KEV: CVE-2024-38706

Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through = 2.5.7...

CVE-2024-4482

CVE-2024-4482 : The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is affected by Stored Cross-Site Scripting via the Countdown widget. Root cause: insufficient input sanitization and output escaping on the user-supplied text_day...

WordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerability

Contributor+ Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Mega Elements versions = 1.2.2...

WordPress Mega Elements Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Mega Elements Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37466 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2dbf20c7c841 Credits João Pedro S Alcântara Kinorth Required...

CVE-2024-5215

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5215

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5215 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5215

CVE-2024-5215 affects the HT Mega – Absolute Addons For Elementor WordPress plugin. The vulnerability is Stored Cross‑Site Scripting caused by insufficient input sanitization and output escaping on user-supplied attributes in multiple widgets. Affected versions are all up to and including 2.5.5. ...

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.5.5 - Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability

Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by stealthcopter in WordPress Plugin HT Mega versions = 2.5.5...