73 matches found
CVE-2024-11829
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchablelabel parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitizati...
CVE-2024-11829
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchablelabel parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitizati...
WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-3824 · Themeisle · Orbit Fox
Name of the Vulnerable Software and Affected Versions: Orbit Fox by ThemeIsle plugin for WordPress versions up to, and including, 2.10.43 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Pricing Table widget due to insufficient input sanitization and output escapi...
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Pricing Table Widget vulnerability discovered by Webbernaut in WordPress Plugin Orbit Fox by ThemeIsle versions = 2.10.43...
CVE-2024-8902
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the rendercolumn function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level...
PT-2024-39309 · WordPress · Elementor Addon Elements
Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.8 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data v...
CVE-2024-5263
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-35403 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Motion Text and Table widgets. This allows...
WordPress Gum Elementor Addon plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Price Table and Post Slider Widgets vulnerability discovered by stealthcopter in WordPress Plugin Gum Elementor Addon versions = 1.3.4...
PT-2024-32108 · WordPress · Gum Elementor Addon
Name of the Vulnerable Software and Affected Versions: Gum Elementor Addon plugin for WordPress versions up to, and including, 1.3.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Price Table and Post Slider widgets. This...
WordPress Primary Addon for Elementor plugin <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Pricing Table Widget vulnerability discovered by stealthcopter in WordPress Plugin Primary Addon for Elementor versions = 1.5.5...
CVE-2024-5229
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5229
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5229
CVE-2024-5229 affects the Primary Addon for Elementor plugin (WordPress) through the Pricing Table widget in versions up to and including 1.5.5. The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes. Exploit...
CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-35156 · WordPress · Primary Addon For Elementor
Name of the Vulnerable Software and Affected Versions: Primary Addon for Elementor plugin for WordPress versions up to, and including, 1.5.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Pricing Table widget,...
CVE-2024-2142
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2024-2142
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...