Lucene search
K

2022 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.6 views

CVE-2024-5611

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘labelyears’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.6 views

CVE-2024-1723

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

6.4CVSS5.8AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.4 views

CVE-2024-1058

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

6.4CVSS4.9AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.13 views

CVE-2024-9388

The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

6.4CVSS5.8AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:12 a.m.3 views

CVE-2024-54338

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in christerf Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through = 1.0.2...

6.5CVSS7.2AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:12 a.m.6 views

CVE-2024-54228

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weboccult Technologies Pvt Ltd Wot Elementor Widgets wot-elementor-widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through = 1.0.1...

6.5CVSS7.2AI score0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:11 a.m.10 views

CVE-2024-54268

Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...

8.8CVSS7.2AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:4 a.m.8 views

CVE-2024-51662

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets.This issue affects Black Widgets For Elementor: from n/a through = 1.3.6...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:3 a.m.5 views

CVE-2024-51851

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in salehattari best bootstrap widgets for elementor best-bootstrap-widgets-for-elementor allows DOM-Based XSS.This issue affects best bootstrap widgets for elementor: from n/a through = 1.0...

6.5CVSS7.2AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:3 a.m.19 views

CVE-2024-51613

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bidbud TradeMe widgets trademe-widget allows Stored XSS.This issue affects TradeMe widgets: from n/a through = 1.2...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:57 a.m.10 views

CVE-2024-33649

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9...

6.5CVSS5.2AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:54 a.m.5 views

CVE-2024-33938

Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting XSS.This issue affects Sliding Widgets: from n/a through 1.5.0...

6.5CVSS5.1AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.4 views

CVE-2024-11365

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

6.1CVSS5.6AI score0.00574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.4 views

CVE-2024-37918

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCone ConeBlog – WordPress Blog Widgets coneblog-widgets.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through = 1.4.8...

6.5CVSS5.9AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:24 a.m.10 views

CVE-2024-0961

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access ...

6.4CVSS6AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:2 a.m.3 views

CVE-2024-12527

The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfectportalintakeform' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:37 a.m.6 views

CVE-2024-51669

Cross-Site Request Forgery CSRF vulnerability in Kalmang Dynamic Widgets dynamic-widgets.This issue affects Dynamic Widgets: from n/a through = 1.6.4...

8.8CVSS5.9AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.13 views

CVE-2024-52354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cool Plugins Web Stories Widgets For Elementor shortcodes-for-amp-web-stories-and-elementor-widget allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through = 1.1...

6.5CVSS7.2AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:17 a.m.9 views

CVE-2024-50439

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.14...

6.5CVSS5.9AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:46 a.m.6 views

CVE-2023-48275

Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2...

8CVSS8.4AI score0.00535EPSS
Exploits0References1
Rows per page
Query Builder