CVE-2024-5254

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfobanner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2024-33251 · WordPress · Qi Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.7.2 Description: The issue allows authenticated attackers with Contributor-level access and above to include remote files on the server, resulting in code execution...