WordPress Wot Elementor Widgets plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Wot Elementor Widgets versions = 1.0.1...

WordPress CMSMasters Elementor Addon plugin <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by István Márton in WordPress Plugin CMSMasters Elementor Addon versions = 1.14.7...

aiidalab-widgets-base (>=1.3.4 <=2.0.0a1), appyter (>=0.18.3 <=0.18.11) +60 more potentially affected by unknown CVE via jupyter-server (>=1.0.11 <=1.23.5)

jupyter-server PYPI version =1.0.11, =1.3.4, =0.18.3, =0.0.0, =0.0.1.post7, =0.1.2, =1.2.0, =0.0.0, =0.0.1.dev7, =0.1.7, =0.8.0, =0.1.1.10, =0.1.6.2, =0.2.1.3 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUPYTERSERVER-8445268...

CVE-2024-53739

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: fr...

CVE-2024-53739

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4...

CVE-2024-53739

CVE-2024-53739 affects the WordPress plugin Cryptocurrency Widgets For Elementor (versions up to 1.6.4). It is caused by improper control of the filename in Include/Require, enabling Local File Inclusion (PHP LFI). The vulnerability has been publicly documented with high/severe impact (CVSS up to...

CVE-2024-53739 WordPress Cryptocurrency Widgets For Elementor plugin <= 1.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: fr...

WordPress plugin Cryptocurrency Widgets For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Cryptocurrency Widgets For Elementor plugin <= 1.6.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Zaidan Rizaki Patchstack Alliance in WordPress Plugin Cryptocurrency Widgets For Elementor versions = 1.6.4...

CVE-2024-11365

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

CVE-2024-11365

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

CVE-2024-10316

CVE-2024-10316 involves the Stratum – Elementor Widgets WordPress plugin. The vulnerability affects all versions up to and including 1.4.4 and resides in includes/templates/content-switcher.php, enabling authenticated attackers with Contributor+ privileges to exfiltrate sensitive template data (p...

CVE-2024-10316 Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

CVE-2024-10316 Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

CVE-2024-11365

CVE-2024-11365 affects the WordPress plugin Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes . The vulnerability is a Reflected Cross-Site Scripting (XSS) due to unsafe use of the URL-building function add_query_arg without proper escaping, in versions up to and including 1.1.6. This enab...

CVE-2024-11365 Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

WordPress Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin <= 1.1.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Crypto and DeFi Widgets versions = 1.1.6...

CVE-2024-10365 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tpcarouselanything.php,...

PT-2024-16937 · WordPress · The Crypto/Defi Widgets – Web3 Cryptocurrency Shortcodes

Name of the Vulnerable Software and Affected Versions: The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress versions up to, and including, 1.1.6 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated...

WordPress Crypto and DeFi Widgets Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Crypto and DeFi Widgets Type Plugin Vulnerable versions = 1.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11365 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5b571d52ad59 Credits vgo0 Requir...