16 matches found
CVE-2025-8779
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...
EUVD-2025-203241
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8779
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8779 All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8779
CVE-2025-8779: All-in-One Addons for Elementor – WidgetKit (WordPress) is affected by a stored XSS in the Team and Countdown widgets due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticated access at contributor level or higher, e...
CVE-2025-8779 All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...
WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability discovered by zer0gh0st in WordPress Plugin WidgetKit versions = 2.5.6...
PT-2025-51093
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...
WordPress plugin All-in-One Addons for Elementor – WidgetKit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
EUVD-2024-33498
Malicious code in bioql PyPI...
CVE-2024-10484
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-10484
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-10484 Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-16310 · WordPress · Spectra
Name of the Vulnerable Software and Affected Versions: Spectra – WordPress Gutenberg Blocks plugin for WordPress versions up to, and including, 2.16.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'Team' widget due to insufficient input sanitization and output...
WordPress Spectra plugin <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Team Widget vulnerability discovered by zer0gh0st in WordPress Plugin Spectra versions = 2.16.2...
MAL-2022-3711 Malicious code in hub-project-team-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7c794f406836eb00a75225254917bf75481a01646687d3e3ee49973962b3872 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...