Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSV
OSVadded 2021/05/17 5:15 p.m.1 views

CVE-2021-24292

The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site ScriptingXSS by lower-privileged users such as contributors, all via a similar method: The “Card” widget...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSVadded 2021/04/05 7:15 p.m.0 views

CVE-2021-24206

In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget includes/widgets/image-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSVadded 2021/04/05 7:15 p.m.0 views

CVE-2021-24205

In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget includes/widgets/icon-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifi...

5.4CVSS5.8AI score0.0011EPSS
Exploits2References2
OSV
OSVadded 2021/04/05 7:15 p.m.1 views

CVE-2021-24204

In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget includes/widgets/accordion.php accepts a ‘titlehtmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a...

5.4CVSS6AI score0.0011EPSS
Exploits2References2
OSV
OSVadded 2021/04/05 7:15 p.m.3 views

CVE-2021-24203

In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget includes/widgets/divider.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSVadded 2021/04/05 7:15 p.m.2 views

CVE-2021-24202

In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget includes/widgets/heading.php accepts a ‘headersize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modifie...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSVadded 2021/04/05 7:15 p.m.1 views

CVE-2021-24201

In the Elementor Website Builder WordPress plugin before 3.1.4, the column element includes/elements/column.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified...

5.4CVSS6AI score0.0012EPSS
Exploits2References2
WPVulnDB
WPVulnDBadded 2021/03/17 12:0 a.m.14 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element

In the plugin, the column element includes/elements/column.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScript in th...

3.5CVSS0.1AI score0.0012EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder