
2020 matches found

Patchstack
added 2024/10/31 12:0 a.m. | 10 views

WordPress RLM Elementor Widgets Pack Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: RLM Elementor Widgets Pack; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.4.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50542; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 13798bc26100; Credits: Gab; Required privilege...

CVSS 6.5 | AI score 6.9 | EPSS 0.00352
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/31 12:0 a.m. | 10 views

WordPress TradeMe widgets Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software: TradeMe widgets; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51613; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: c8053e86df80; Credits: SOPROBRO; Required privilege: Contributor...

CVSS 6.5 | AI score 6.5 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/10/30 11:15 a.m. | 20 views

CVE-2024-9388

The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

CVSS 6.4 | EPSS 0.00302
Exploits: 0 | References: 4

OSV
added 2024/10/30 11:15 a.m. | 4 views

CVE-2024-9388

The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

CVSS 5.4 | AI score 5.9 | EPSS 0.00302
Exploits: 0 | References: 4

CVE
added 2024/10/30 11:1 a.m. | 59 views

CVE-2024-9388

The CVE-2024-9388 entry concerns the WordPress plugin Black Widgets For Elementor. A Stored Cross-Site Scripting (XSS) flaw existed via SVG file uploads in all versions up to 1.3.7, caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with...

CVSS 6.4 | AI score 5.7 | EPSS 0.00302
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/10/30 11:1 a.m. | 10 views

CVE-2024-9388 Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

CVSS 6.4 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | References: 4

Patchstack
added 2024/10/30 5:35 a.m. | 6 views

WordPress Black Widgets For Elementor plugin <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Black Widgets For Elementor versions <= 1.3.7...

CVSS 6.4 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/10/30 2:4 a.m. | 14 views

CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution

The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 | AI score 7.6 | EPSS 0.00542
Exploits: 0 | References: 3

Cvelist
added 2024/10/30 2:4 a.m. | 13 views

CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution

The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 | EPSS 0.00542
Exploits: 0 | References: 3

CNNVD
added 2024/10/30 12:0 a.m. | 3 views

WordPress plugin Black Widgets For Elementor cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVSS 6.4 | AI score 5.9 | EPSS 0.00302
Exploits: 0 | References: 4

CNNVD
added 2024/10/30 12:0 a.m. | 3 views

WordPress plugin The Enable Shortcodes inside Widgets,Comments and Experts code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an applicatio...

CVSS 7.3 | AI score 7.8 | EPSS 0.00542
Exploits: 0 | References: 3

Patchstack
added 2024/10/29 8:16 p.m. | 3 views

WordPress Enable Shortcodes inside Widgets,Comments and Experts plugin <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Enable Shortcodes inside Widgets,Comments and Experts versions <= 1.0.0...

CVSS 7.3 | AI score 7.1 | EPSS 0.00542
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/10/29 12:0 a.m. | 3 views

WordPress plugin Kata Plus–Addons for Elementor–Widgets, Extensions and Templates cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 4

Patchstack
added 2024/10/29 12:0 a.m. | 14 views

WordPress Enable Shortcodes inside Widgets,Comments and Experts Plugin <= 1.0.0 is vulnerable to Arbitrary Code Execution

Software: Enable Shortcodes inside Widgets,Comments and Experts; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-9846; Patch priority: High; CVSS severity: High 7.3; Developer: Claim ownership; PSID: 5e00f716955b; Credits...

CVSS 7.3 | AI score 7 | EPSS 0.00542
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2024/10/29 12:0 a.m. | 4 views

PT-2024-39604 · WordPress · Kata Plus – Addons For Elementor – Widgets

Name of the Vulnerable Software and Affected Versions: The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress versions up to, and including, 1.4.7. Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input...

CVSS 6.4 | AI score 6.2 | EPSS 0.00353
Exploits: 0 | References: 7

OSV
added 2024/10/28 6:15 p.m. | 3 views

CVE-2024-50447

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.19...

CVSS 5.4 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 1

OSV
added 2024/10/28 6:15 p.m. | 0 views

CVE-2024-50439

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through 1.2.14...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2024/10/28 6:15 p.m. | 13 views

CVE-2024-50439

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through <= 1.2.14...

CVSS 6.5 | EPSS 0.00234
Exploits: 0 | References: 1

Cvelist
added 2024/10/28 6:6 p.m. | 32 views

CVE-2024-50439 WordPress Astra Widgets plugin <= 1.2.14 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through <= 1.2.14...

CVSS 6.5 | EPSS 0.00234
Exploits: 0 | References: 1

Vulnrichment
added 2024/10/28 6:6 p.m. | 13 views

CVE-2024-50439 WordPress Astra Widgets plugin <= 1.2.14 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS. This issue affects Astra Widgets: from n/a through <= 1.2.14...

CVSS 6.5 | AI score 5.9 | EPSS 0.00234
Exploits: 0 | References: 1