Lucene search
K

73 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:0 a.m.11 views

CVE-2024-11829

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchablelabel parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitizati...

6.4CVSS5.8AI score0.00399EPSS
Exploits0References1
OSV
OSV
added 2025/02/01 7:15 a.m.4 views

CVE-2024-11829

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchablelabel parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitizati...

5.4CVSS5.9AI score0.00399EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/01 12:0 a.m.5 views

WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS8.3AI score0.00399EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/10 12:0 a.m.5 views

PT-2025-3824 · Themeisle · Orbit Fox

Name of the Vulnerable Software and Affected Versions: Orbit Fox by ThemeIsle plugin for WordPress versions up to, and including, 2.10.43 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Pricing Table widget due to insufficient input sanitization and output escapi...

6.4CVSS7.9AI score0.00337EPSS
Exploits0References15
Patchstack
Patchstack
added 2025/01/09 10:53 p.m.7 views

WordPress Orbit Fox by ThemeIsle plugin <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Pricing Table Widget vulnerability discovered by Webbernaut in WordPress Plugin Orbit Fox by ThemeIsle versions = 2.10.43...

6.4CVSS5.8AI score0.00337EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/12 10:15 a.m.5 views

CVE-2024-8902

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the rendercolumn function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS5.8AI score0.00368EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.6 views

PT-2024-39309 · WordPress · Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.8 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data v...

4.3CVSS6.5AI score0.00368EPSS
Exploits0References7
OSV
OSV
added 2024/06/15 2:15 a.m.4 views

CVE-2024-5263

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.9AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/15 12:0 a.m.3 views

PT-2024-35403 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Motion Text and Table widgets. This allows...

6.4CVSS7.2AI score0.00263EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/05/30 12:4 a.m.4 views

WordPress Gum Elementor Addon plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Price Table and Post Slider Widgets vulnerability discovered by stealthcopter in WordPress Plugin Gum Elementor Addon versions = 1.3.4...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.5 views

PT-2024-32108 · WordPress · Gum Elementor Addon

Name of the Vulnerable Software and Affected Versions: Gum Elementor Addon plugin for WordPress versions up to, and including, 1.3.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Price Table and Post Slider widgets. This...

6.4CVSS6.9AI score0.00342EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/05/27 1:43 a.m.4 views

WordPress Primary Addon for Elementor plugin <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Pricing Table Widget vulnerability discovered by stealthcopter in WordPress Plugin Primary Addon for Elementor versions = 1.5.5...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/25 3:15 a.m.5 views

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00342EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/05/25 3:15 a.m.3 views

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.00342EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/05/25 2:34 a.m.34 views

CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00342EPSS
Exploits0References5
CVE
CVE
added 2024/05/25 2:34 a.m.55 views

CVE-2024-5229

CVE-2024-5229 affects the Primary Addon for Elementor plugin (WordPress) through the Pricing Table widget in versions up to and including 1.5.5. The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes. Exploit...

6.4CVSS5.9AI score0.00342EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/25 2:34 a.m.21 views

CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/25 12:0 a.m.6 views

PT-2024-35156 · WordPress · Primary Addon For Elementor

Name of the Vulnerable Software and Affected Versions: Primary Addon for Elementor plugin for WordPress versions up to, and including, 1.5.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Pricing Table widget,...

6.4CVSS6.9AI score0.00342EPSS
Exploits0References8
OSV
OSV
added 2024/03/30 7:15 a.m.7 views

CVE-2024-2142

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

5.4CVSS7.4AI score0.00433EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/30 6:44 a.m.11 views

CVE-2024-2142

The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

6.4CVSS5.8AI score0.00433EPSS
Exploits0References3
Rows per page
Query Builder