PT-2024-18039 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.0. Description: The issue is related to Stored Cross-Site Scripting via the tab link attribute of the Panel Slider widget due to insufficient input...
CVE-2024-0837
The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...
CVE-2024-0837 Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget
The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...
CVE-2024-1428 Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget
The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementpackwrapperlink’ attribute of the Trailer Box widget in all versions up...
CVE-2023-45609 WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS. This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0...
WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Powr Pack; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45609; Patch priority: Low; CVSS severity: Low 6.5; PSID: b52dad403861; Credits: resecured.io; Required privilege: Contributor...
CVE-2023-44984
CVE-2023-44984: WordPress bbp style pack plugin
CVE-2023-33997
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.5.5 versions...
CVE-2023-33997
CVE-2023-33997 is an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress bbp style pack plugin 5.5.5 and earlier. Root cause: input is reflected without proper sanitization, enabling injection of script into pages viewed by users. Impact: potential script ex...
WordPress Mobile Pack Plugin for WordPress < 2.0.2 Sensitive Information Disclosure
The WordPress WordPress Mobile Pack Plugin installed on the remote host is affected by a Sensitive Information Disclosure. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2022-44588
CVE-2022-44588 affects WordPress Cryptocurrency Widgets Pack Plugin and versions
CVE-2022-44588 WordPress Cryptocurrency Widgets Pack Plugin <=1.8.1 is vulnerable to SQL Injection
Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress...
PT-2022-27259
Name of the Vulnerable Software and Affected Versions: Cryptocurrency Widgets Pack Plugin versions <=1.8.1. Description: The issue is related to an unauthorized SQL Injection vulnerability. This vulnerability affects the Cryptocurrency Widgets Pack Plugin on WordPress. Recommendations: For versions...
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +1 more potentially affected by CVE-2018-1000008 via org.jvnet.hudson.plugins:pmd (>=3.33 <=3.42)
org.jvnet.hudson.plugins:pmd MAVEN version =3.33, =1.7.2, =1.0.0, =1.7.1 - org.jenkins-ci.plugins:php =1.0 Source cves: CVE-2018-1000008 Source advisory: OSV:GHSA-687X-269M-7CV9...
The vulnerability of the Token Authentication logic in the Action Controller component of the actionpack plugin for the Ruby on Rails software framework allows a hacker to cause a service failure due to uncontrolled resource consumption.
The vulnerability of the Token Authentication logic in the Action Controller component of the actionpack plugin for the Ruby on Rails software framework is related to insufficiently strict regular expressions. Exploiting this vulnerability could allow an attacker to cause a service failure...
WordPress All In One SEO Pack Plugin Cross-site Scripting
A cross-site scripting vulnerability exists in the WordPress All In One SEO Pack plugin. Successful exploitation of this vulnerability would allow a remote attacker to insert malicious code into the affected system...