9 matches found
WordPress Xpro Addons For Elementor plugin <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'Site Title' widget vulnerability discovered by Prissy - Developer in WordPress Plugin Xpro Elementor Addons versions = 1.4.7.1...
CVE-2024-5757
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-2108
The CVE CVE-2025-2108 affects the WordPress plugin “140+ Widgets | Xpro Addons For Elementor – FREE”. It is a Stored Cross-Site Scripting vulnerability in the Site Title widget via the title_tag and html_tag parameters, exploitable by authenticated users with Contributor-level access and above. A...
WordPress plugin Xpro Addons For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Elementor Header & Footer Builder < 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget
Description The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-5757
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-5757 Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2024-37124 · WordPress · Elementor Header & Footer Builder
Name of the Vulnerable Software and Affected Versions: Elementor Header & Footer Builder plugin for WordPress versions up to, and including, 1.6.35 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget due to insufficient inpu...
WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Authenticated Stored Cross-Site Scripting via Site Title Widget vulnerability
Authenticated Stored Cross-Site Scripting via Site Title Widget vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.35...