68 matches found
CVE-2024-12340
The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with...
CVE-2024-8910
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmegaaccordion.php. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-10352
The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the getcontenttype function in includes/widgets/content-reveal.php. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2024-8899
The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the rendercontent function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-10316
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...
CVE-2021-24969
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...
CVE-2024-13217
The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expireddata' and 'buildcontent' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...
CVE-2024-13217
CVE-2024-13217 affects the Jeg Elementor Kit WordPress plugin. The vulnerability arises from the expired_data and build_content functions, enabling authenticated attackers with Contributor+ (and above) to exfiltrate sensitive template data (private, pending, scheduled, and drafts). The issue is d...
PT-2025-8932 · WordPress · Jeg Elementor Kit
Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, scheduled, and draft template da...
CVE-2024-10324
The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the registercontrols function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access a...
PT-2025-1586 · WordPress · Romethemekit For Elementor
Name of the Vulnerable Software and Affected Versions: RomethemeKit For Elementor plugin for WordPress versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data...
WordPress plugin Elementor Addon Elements 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-12340 Animation Addons for Elementor <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template
The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with...
WordPress plugin Animation Addons for Elementor 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
CVE-2024-10356
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
PT-2024-16215 · Unknown · Elementsready Addons For Elementor
Name of the Vulnerable Software and Affected Versions: ElementsReady Addons for Elementor versions up to, and including, 6.4.8 Description: The issue allows authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data due to...
CVE-2024-8899
The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the rendercontent function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and...
PT-2024-39307 · WordPress · Jeg Elementor Kit
Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is...
WordPress plugin Jeg Elementor Kit 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...
CVE-2024-10316
CVE-2024-10316 involves the Stratum – Elementor Widgets WordPress plugin. The vulnerability affects all versions up to and including 1.4.4 and resides in includes/templates/content-switcher.php, enabling authenticated attackers with Contributor+ privileges to exfiltrate sensitive template data (p...