2020 matches found
WordPress RLM Elementor Widgets Pack Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software RLM Elementor Widgets Pack Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50542 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 13798bc26100 Credits Gab Required privilege...
WordPress TradeMe widgets Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software TradeMe widgets Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51613 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c8053e86df80 Credits SOPROBRO Required privilege Contributor...
CVE-2024-9388
The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
CVE-2024-9388
The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
CVE-2024-9388
The CVE-2024-9388 entry concerns the WordPress plugin Black Widgets For Elementor. A Stored Cross-Site Scripting (XSS) flaw existed via SVG file uploads in all versions up to 1.3.7, caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with...
CVE-2024-9388 Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
WordPress Black Widgets For Elementor plugin <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Black Widgets For Elementor versions = 1.3.7...
CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
WordPress plugin Black Widgets For Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress plugin The Enable Shortcodes inside Widgets,Comments and Experts 码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an applicatio...
WordPress Enable Shortcodes inside Widgets,Comments and Experts plugin <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Enable Shortcodes inside Widgets,Comments and Experts versions = 1.0.0...
WordPress plugin Kata Plus–Addons for Elementor–Widgets, Extensions and Templates 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Enable Shortcodes inside Widgets,Comments and Experts Plugin <= 1.0.0 is vulnerable to Arbitrary Code Execution
Software Enable Shortcodes inside Widgets,Comments and Experts Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9846 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 5e00f716955b Credits...
PT-2024-39604 · WordPress · Kata Plus – Addons For Elementor – Widgets
Name of the Vulnerable Software and Affected Versions: The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress versions up to, and including, 1.4.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input...
CVE-2024-50447
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.19...
CVE-2024-50439
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.14...
CVE-2024-50439
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.14...
CVE-2024-50439 WordPress Astra Widgets plugin <= 1.2.14 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.14...
CVE-2024-50439 WordPress Astra Widgets plugin <= 1.2.14 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through = 1.2.14...