WordPress Element Pack Elementor Addons Plugin <= 5.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Element Pack Elementor Addons Type Plugin Vulnerable versions = 5.10.2 Fixed in 5.10.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9657 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe1ff0e5049a Credits Webberna...

PT-2024-39899 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.10.2 Description: The issue is related to Stored Cross-Site Scripting via the marker content parameter in the 'Open Map Widget'. This is due to insufficie...

WordPress plugin Element Pack Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002322 fixes one issue. The following security issue was fixed: CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-15060021 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG bsc1231419 CVE-2024-35863: Fixed potential UAF in...

RHEL 6 / 7 : ruby193-rubygem-actionpack (RHSA-2016:1858)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1858 advisory. Ruby on Rails is a model-view-controller MVC framework for web application development. Action Pack implements the controller and the view...

RHEL 6 / 7 : ror40-rubygem-actionpack (RHSA-2016:1857)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1857 advisory. Ruby on Rails is a model-view-controller MVC framework for web application development. Action Pack implements the controller and the view...

CVE-2024-9868

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization a...

CVE-2024-10310

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'imagetitle' parameter in all versions up to, and including, 5.10.1 due to insufficient input...

CVE-2024-10310

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'imagetitle' parameter in all versions up to, and including, 5.10.1 due to insufficient input...

CVE-2024-9868

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization a...

CVE-2024-9868 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization a...

CVE-2024-9868

CVE-2024-9868 affects the WordPress plugin Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) . All versions up to and including 5.10.1 are susceptible to a Stored Cross-Site Scripting (XSS) via the Age Gate Widget’s url parameter, caused by in...

CVE-2024-10310 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'imagetitle' parameter in all versions up to, and including, 5.10.1 due to insufficient input...

CVE-2024-10310 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'imagetitle' parameter in all versions up to, and including, 5.10.1 due to insufficient input...

CVE-2024-10310

CVE-2024-10310 affects the WordPress plugin “Element Pack Elementor Addons” (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). It is a stored cross-site scripting (XSS) vulnerability in the Custom Gallery Widget, specifically via the image_title parameter. The issue exists...

WordPress plugin Element Pack Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Element Pack Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Element Pack Elementor Addons plugin <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.1...

PT-2024-39900 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.10.1 Description: The issue is related to Stored Cross-Site Scripting via the url parameter in the Age Gate Widget, caused by insufficient input...