Lucene search
K

68 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:27 a.m.7 views

CVE-2024-12340

The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with...

4.3CVSS4.3AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:32 a.m.4 views

CVE-2024-8910

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmegaaccordion.php. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS6.5AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.5 views

CVE-2024-10352

The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the getcontenttype function in includes/widgets/content-reveal.php. This makes it possible for authenticated attackers, with Contributor-level acce...

4.3CVSS5.8AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:18 a.m.17 views

CVE-2024-8899

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the rendercontent function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS4.3AI score0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.6 views

CVE-2024-10316

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

4.3CVSS4.3AI score0.00509EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.10 views

CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...

5.4CVSS6AI score0.006EPSS
Exploits2References1
OSV
OSV
added 2025/02/27 12:15 p.m.4 views

CVE-2024-13217

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expireddata' and 'buildcontent' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

4.3CVSS7.3AI score0.00352EPSS
Exploits0References4
CVE
CVE
added 2025/02/27 11:13 a.m.73 views

CVE-2024-13217

CVE-2024-13217 affects the Jeg Elementor Kit WordPress plugin. The vulnerability arises from the expired_data and build_content functions, enabling authenticated attackers with Contributor+ (and above) to exfiltrate sensitive template data (private, pending, scheduled, and drafts). The issue is d...

4.3CVSS6.5AI score0.00352EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/27 12:0 a.m.3 views

PT-2025-8932 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, scheduled, and draft template da...

4.3CVSS9.4AI score0.00352EPSS
Exploits0References10
OSV
OSV
added 2025/01/24 2:15 p.m.0 views

CVE-2024-10324

The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the registercontrols function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access a...

4.3CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.3 views

PT-2025-1586 · WordPress · Romethemekit For Elementor

Name of the Vulnerable Software and Affected Versions: RomethemeKit For Elementor plugin for WordPress versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data...

4.3CVSS6.6AI score0.00259EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.4 views

WordPress plugin Elementor Addon Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

4.3CVSS8.2AI score0.00503EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/18 9:22 a.m.11 views

CVE-2024-12340 Animation Addons for Elementor <= 1.1.6 - Authenticated (Contributor+) Sensitive Information Exposure via Content Slider and Tabs Widget Elementor Template

The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with...

4.3CVSS6.5AI score0.00331EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.1 views

WordPress plugin Animation Addons for Elementor 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

4.3CVSS7.8AI score0.00331EPSS
Exploits0References2
OSV
OSV
added 2024/12/17 1:15 p.m.5 views

CVE-2024-10356

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

4.3CVSS7.3AI score0.0041EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/17 12:0 a.m.6 views

PT-2024-16215 · Unknown · Elementsready Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementsReady Addons for Elementor versions up to, and including, 6.4.8 Description: The issue allows authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data due to...

4.3CVSS9.4AI score0.0041EPSS
Exploits0References8
OSV
OSV
added 2024/11/26 11:22 a.m.6 views

CVE-2024-8899

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the rendercontent function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS7.3AI score0.004EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.4 views

PT-2024-39307 · WordPress · Jeg Elementor Kit

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is...

4.3CVSS6.6AI score0.004EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.3 views

WordPress plugin Jeg Elementor Kit 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...

4.3CVSS7.9AI score0.004EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 11:2 a.m.57 views

CVE-2024-10316

CVE-2024-10316 involves the Stratum – Elementor Widgets WordPress plugin. The vulnerability affects all versions up to and including 1.4.4 and resides in includes/templates/content-switcher.php, enabling authenticated attackers with Contributor+ privileges to exfiltrate sensitive template data (p...

4.3CVSS4.3AI score0.00509EPSS
Exploits0References2
Rows per page
Query Builder