EUVD-2024-33467

Malicious code in bioql PyPI...

CVE-2024-4479

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sggeneraltoggletabenable and sgaccordionstyle attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input...

CVE-2024-12340

CVE-2024-12340 affects the Animation Addons for Elementor WordPress plugin. The vulnerability is a Sensitive Information Exposure via the render function in widgets/content-slider.php and widgets/tabs.php, allowing authenticated attackers with Contributor+ privileges to extract private, pending, ...

WordPress Animation Addons for Elementor plugin <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template vulnerability discovered by Ankit Patel in WordPress Plugin Animation Addons for Elementor versions = 1.1.6...

CVE-2024-10868

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

CVE-2024-10868 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.9 - Authenticated (Contributor+) Post Disclosure

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

CVE-2024-10868 Enter Addons – Ultimate Template Builder for Elementor <= 2.1.9 - Authenticated (Contributor+) Post Disclosure

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

PT-2024-16601 · WordPress · Enter Addons – Ultimate Template Builder For Elementor

Name of the Vulnerable Software and Affected Versions: The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress versions up to, and including, 2.1.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or...

PT-2024-31250 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the sg general toggle tab enable and sg...

Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks otwshortcodetabslayout tabs="2"...