2022 matches found
CVE-2024-5611
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘labelyears’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-1723
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...
CVE-2024-1058
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...
CVE-2024-9388
The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
CVE-2024-54338
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in christerf Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through = 1.0.2...
CVE-2024-54228
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weboccult Technologies Pvt Ltd Wot Elementor Widgets wot-elementor-widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through = 1.0.1...
CVE-2024-54268
Missing Authorization vulnerability in Greg - SiteOrigin SiteOrigin Widgets Bundle so-widgets-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through = 1.64.0...
CVE-2024-51662
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets.This issue affects Black Widgets For Elementor: from n/a through = 1.3.6...
CVE-2024-51851
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in salehattari best bootstrap widgets for elementor best-bootstrap-widgets-for-elementor allows DOM-Based XSS.This issue affects best bootstrap widgets for elementor: from n/a through = 1.0...
CVE-2024-51613
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bidbud TradeMe widgets trademe-widget allows Stored XSS.This issue affects TradeMe widgets: from n/a through = 1.2...
CVE-2024-33649
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9...
CVE-2024-33938
Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting XSS.This issue affects Sliding Widgets: from n/a through 1.5.0...
CVE-2024-11365
The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...
CVE-2024-37918
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCone ConeBlog – WordPress Blog Widgets coneblog-widgets.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through = 1.4.8...
CVE-2024-0961
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access ...
CVE-2024-12527
The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfectportalintakeform' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-51669
Cross-Site Request Forgery CSRF vulnerability in Kalmang Dynamic Widgets dynamic-widgets.This issue affects Dynamic Widgets: from n/a through = 1.6.4...
CVE-2024-52354
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cool Plugins Web Stories Widgets For Elementor shortcodes-for-amp-web-stories-and-elementor-widget allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through = 1.1...
CVE-2024-50439
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.14...
CVE-2023-48275
Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2...