11 matches found
CVE-2025-13887
The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the aibotkitwidget shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it...
PT-2026-1611
Name of the Vulnerable Software and Affected Versions AI BotKit – AI Chatbot & Live Support for WordPress plugin versions through 1.1.7 Description The AI BotKit – AI Chatbot & Live Support for WordPress plugin is susceptible to Stored Cross-Site Scripting. This occurs due to inadequate input...
Linux Distros Unpatched Vulnerability : CVE-2020-13628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to...
CVE-2024-5640
The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and...
PT-2024-20914 · Livemesh · Elementor Addons
Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.6 Description: The issue is related to Stored Cross-Site Scripting via widget id attributes due to insufficient input sanitization and output escaping on...
PT-2024-22866 · WordPress · Sydney Toolbox
Name of the Vulnerable Software and Affected Versions: Sydney Toolbox plugin for WordPress versions up to, and including, 1.26 Description: The issue is related to Stored Cross-Site Scripting via the id attribute of widgets due to insufficient input sanitization and output escaping on user-suppli...
PT-2024-18029 · WordPress · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including, 5.4.0 Description: The issue is related to Stored Cross-Site Scripting via the id attribute of the Header Meta Content widget due to insufficient input...
Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert a...
UBUNTU-CVE-2020-13628
Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...
PT-2019-7395 · WordPress · Dynamic Widgets
Name of the Vulnerable Software and Affected Versions: dynamic-widgets plugin versions prior to 1.5.11 Description: The issue concerns a cross-site scripting XSS problem. It can be exploited via the "action=term tree" prefix or the widget id parameter in the "/wp-admin/admin-ajax.php" API endpoin...
foreman: SQL injection due to improper handling of the widget id parameter
An input sanitization flaw was found in the id field of the dashboard controller. A user could use this flaw to perform a SQL injection attack on the back-end database...