2020 matches found
CVE-2024-22290
Cross-Site Request Forgery CSRF vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting XSS.This issue affects Custom Dashboard Widgets: from n/a through 1.3.1...
CVE-2024-0709
The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-53739
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: fr...
WordPress ReverbNation Widgets plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability<
Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin ReverbNation Widgets versions = 2.1...
PT-2025-1612
Name of the Vulnerable Software and Affected Versions The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress versions up to, and including, 1.5.9 Description The issue is related to Stored Cross-Site Scripting via SVG File uploads due to...
CVE-2024-13642
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13642 Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13642
The CVE refers to WordPress Stratum – Elementor Widgets (Stratum) plugin, vulnerable to Stored Cross-Site Scripting via the Image Hotspot widget. The issue exists in all versions up to and including 1.4.7 and stems from insufficient input sanitization and output escaping on user-supplied attribut...
CVE-2024-13642 Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Stratum – Elementor Widgets 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2025-1665 · WordPress · Borderless – Widgets
Name of the Vulnerable Software and Affected Versions: Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress versions up to, and including, 1.5.9 Description: The issue is related to Remote Code Execution due to a lack of sanitization on an imported...
PT-2025-1664 · WordPress · Borderless – Widgets
Name of the Vulnerable Software and Affected Versions: Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress versions up to, and including, 1.5.9 Description: The issue is related to a missing capability check on the remove zipped font function,...
WordPress Divi Torque Lite plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin DiviTorque – Divi Theme, Divi Builder and Extra Theme versions = 4.1.0...
PT-2025-3846 · WordPress · Divi Torque Lite
Name of the Vulnerable Software and Affected Versions: Divi Torque Lite plugin for WordPress versions up to, and including, 4.1.0 Description: The issue is related to Stored Cross-Site Scripting via several widgets due to insufficient input sanitization and output escaping on user-supplied...
Malicious code in sandstorm-widgets-nyse-website (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 521032aa86f84d6ee0bb3ad2b7b97e43683ed2040212f5b7cb5359f10549fea6 The OpenSSF Package Analysis project identified 'sandstorm-widgets-nyse-website' @ 7.0.1 npm as malicious. It is considered malicious because: -...
WordPress Divi Carousel Lite plugin <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets vulnerability discovered by Webbernaut in WordPress Plugin Divi Carousel Lite versions = 2.0.4...
PT-2025-2129 · WordPress · Responsive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress versions up to, and including, 1.6.4 Description: The issue is related to Stored Cross-Site Scripting via HTML tags in several widgets...
CVE-2025-23722
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mind3dom Mind3doM RyeBread Widgets mind3dom-ryebread-widgets allows Reflected XSS.This issue affects Mind3doM RyeBread Widgets: from n/a through = 1.0...
CVE-2025-23722 WordPress Mind3doM RyeBread Widgets plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mind3dom Mind3doM RyeBread Widgets mind3dom-ryebread-widgets allows Reflected XSS.This issue affects Mind3doM RyeBread Widgets: from n/a through = 1.0...
CVE-2025-23722 WordPress Mind3doM RyeBread Widgets plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mind3dom Mind3doM RyeBread Widgets mind3dom-ryebread-widgets allows Reflected XSS.This issue affects Mind3doM RyeBread Widgets: from n/a through = 1.0...