Lucene search
K

68 matches found

CNNVD
CNNVD
added 2024/11/20 12:0 a.m.3 views

WordPress plugin The Plus Addons for Elementor 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

4.3CVSS7.7AI score0.00336EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/29 11:1 a.m.13 views

CVE-2024-10360 Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it...

4.3CVSS6.7AI score0.00365EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.2 views

WordPress plugin Exclusive Addons for Elementor 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

4.3CVSS6AI score0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.3 views

PT-2024-16179 · Unknown · Exclusive Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor versions up to, and including, 2.7.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data via the render...

4.3CVSS6.5AI score0.00426EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.6 views

WordPress plugin Move Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.4AI score0.00365EPSS
Exploits0References2
OSV
OSV
added 2024/10/22 8:15 a.m.2 views

CVE-2024-9541

The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access...

4.3CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2024/10/22 7:36 a.m.30 views

CVE-2024-9541 News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template

The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access...

4.3CVSS0.00335EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 8:15 a.m.2 views

CVE-2024-9540

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS5.8AI score0.0039EPSS
Exploits0References2
NVD
NVD
added 2024/10/16 8:15 a.m.22 views

CVE-2024-9540

The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS0.0039EPSS
Exploits0References2
CVE
CVE
added 2024/10/11 8:30 a.m.45 views

CVE-2024-8913

CVE-2024-8913 affects The Plus Addons for Elementor (WordPress) up to version 5.6.11. The issue arises from the render function in modules/widgets/tp_accordion.php, enabling authenticated attackers with Contributor-level access and above to expose sensitive information (private, pending, and draf...

4.3CVSS4.7AI score0.00368EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.7 views

PT-2024-39314 · Elementor · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions prior to 5.6.12 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is possible due to...

4.3CVSS6.3AI score0.00368EPSS
Exploits0References5
OSV
OSV
added 2024/09/25 7:15 a.m.3 views

CVE-2024-8910

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmegaaccordion.php. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS5.8AI score0.00311EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.4 views

PT-2024-29709 · WordPress · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.31 Description: The issue allows authenticated attackers with subscriber-level access and above to retrieve Elementor template data due to a missing...

4.3CVSS6.7AI score0.00341EPSS
Exploits0References6
OSV
OSV
added 2024/04/10 5:15 p.m.30 views

CVE-2024-1741

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...

9.1CVSS6.8AI score0.00586EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/10 5:8 p.m.29 views

CVE-2024-1741 Improper Authorization in lunary-ai/lunary

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...

9.1CVSS9.4AI score0.00586EPSS
Exploits1References2
OSV
OSV
added 2022/02/01 1:15 p.m.3 views

CVE-2022-0320

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead ...

9.8CVSS5.9AI score0.01989EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/02/01 12:0 a.m.7 views

PT-2022-13102 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Essential Addons for Elementor WordPress plugin versions prior to 5.0.5 Description: The issue concerns a lack of validation and sanitization of certain template data in include statements. This could allow unauthenticated attackers to perfor...

9.8CVSS9.6AI score0.01989EPSS
Exploits1References4
OSV
OSV
added 2021/12/27 11:15 a.m.4 views

CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...

5.4CVSS6.1AI score0.006EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/12/27 10:33 a.m.25 views

CVE-2021-24969 Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...

5.4AI score0.006EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/11/29 12:0 a.m.21 views

Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such as subscriber is able to call it and perform...

5.4CVSS0.2AI score0.006EPSS
Exploits2Affected Software1
Rows per page
Query Builder