12 matches found
CVE-2024-2137
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. Thi...
PT-2025-51093
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...
EUVD-2024-27101
Malicious code in bioql PyPI...
EUVD-2024-54128
Malicious code in bioql PyPI...
CVE-2025-2330
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2025-2330 All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
WordPress WidgetKit plugin <= 2.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WidgetKit versions <= 2.5.4...
CVE-2024-10321
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 in elements/advanced-tab/template/view.php. This makes it possible for authenticated attackers, with Contributor-level access and above,...
WordPress WidgetKit Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: WidgetKit; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: 2.5.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37428; Patch priority: Low; CVSS severity: Low 6.5; PSID: 351434df7944; Credits: 4rCanJ0x!; Required privilege: Contributor...
WordPress WidgetKit Plugin <= 2.5.1 is vulnerable to Broken Access Control
Software: WidgetKit; Type: Plugin; Vulnerable versions: <= 2.5.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33908; Patch priority: Low; CVSS severity: Low 5.3; PSID: 38f3250eb362; Credits: Dhabaleshwar Das; Required privilege...
WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets vulnerability discovered by Francesco Carlucci in WordPress Plugin WidgetKit versions <= 2.5.1...
WordPress WidgetKit plugin <= 2.3.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered by WordFence in WordPress WidgetKit plugin versions <= 2.3.9. Solution: Update the WordPress WidgetKit plugin to the latest available version (at least 2.3.10)...