68 matches found
WordPress plugin The Plus Addons for Elementor 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
CVE-2024-10360 Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it...
WordPress plugin Exclusive Addons for Elementor 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
PT-2024-16179 · Unknown · Exclusive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor versions up to, and including, 2.7.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data via the render...
WordPress plugin Move Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-9541
The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-9541 News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template
The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-9540
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-9540
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-8913
CVE-2024-8913 affects The Plus Addons for Elementor (WordPress) up to version 5.6.11. The issue arises from the render function in modules/widgets/tp_accordion.php, enabling authenticated attackers with Contributor-level access and above to expose sensitive information (private, pending, and draf...
PT-2024-39314 · Elementor · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions prior to 5.6.12 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is possible due to...
CVE-2024-8910
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmegaaccordion.php. This makes it possible for authenticated attackers, with Contributor-level...
PT-2024-29709 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.31 Description: The issue allows authenticated attackers with subscriber-level access and above to retrieve Elementor template data due to a missing...
CVE-2024-1741
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...
CVE-2024-1741 Improper Authorization in lunary-ai/lunary
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...
CVE-2022-0320
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead ...
PT-2022-13102 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Essential Addons for Elementor WordPress plugin versions prior to 5.0.5 Description: The issue concerns a lack of validation and sanitization of certain template data in include statements. This could allow unauthenticated attackers to perfor...
CVE-2021-24969
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...
CVE-2021-24969 Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...
Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
The plugin does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such as subscriber is able to call it and perform...