Lucene search
K

5 matches found

Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Essential Addons for Elementor plugin <= 6.0.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 6.0.4...

6.4CVSS5.3AI score0.00292EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/12 7:0 a.m.12 views

CVE-2024-12589 Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS0.00234EPSS
Exploits0References2
NVD
NVD
added 2024/07/24 1:15 p.m.33 views

CVE-2024-5818

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00263EPSS
Exploits0References2
CVE
CVE
added 2024/07/24 12:43 p.m.54 views

CVE-2024-5818

CVE-2024-5818 affects the Royal Elementor Addons and Templates WordPress plugin. It exposes a Stored DOM-based XSS via the Magazine Grid/Slider widget in all versions ≤ 1.3.980 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least C...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/12 6:55 a.m.5 views

WordPress Premium Addons for Elementor plugin <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Animated Text Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.36...

6.4CVSS6.1AI score0.00311EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder