4 matches found
WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Panel Slider Widget vulnerability discovered by RandomRoot in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...
CVE-2024-1429
The CVE-2024-1429 entry concerns Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) for WordPress. It describes a Stored Cross-Site Scripting flaw in the Panel Slider widget, exploitable via the tab_link attribute, across all versions up to and...
PT-2024-18039 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.0 Description: The issue is related to Stored Cross-Site Scripting via the tab link attribute of the Panel Slider widget due to insufficient input...
Element Pack Elementor Addons < 5.6.1 - Contributor+ Stored XSS via Panel Slider Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘tablink’ attribute of the Panel Slider widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary w...