7 matches found
WordPress Elementor Pro Animation Addon 1.6 Missing Authorization Exploit
import argparse import requests from bs4 import BeautifulSoup import re Exploit By Nxploit Khaled ALenazi def loginsession, url, username, password, useragent: loginurl = url + '/wp-login.php' response = session.postloginurl, verify=False, data= 'log': username, 'pwd': password, 'rememberme':...
CVE-2025-1639
The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installelementorpluginhandler function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, wi...
WordPress Elementor Pro Plugin <= 3.21.0 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Pro Type Plugin Vulnerable versions = 3.21.0 Fixed in 3.21.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4107 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5e068ca3d9a8 Credits wesley wcraft Required...
WordPress Elementor Pro Plugin <= 3.20.1 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Pro Type Plugin Vulnerable versions = 3.20.1 Fixed in 3.20.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-2120 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 360c3b70f13b Credits wesley wcraft Required privilege...
WordPress Elementor Pro Plugin <= 3.20.1 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Pro Type Plugin Vulnerable versions = 3.20.1 Fixed in 3.20.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-2121 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 384f5531d486 Credits wesley wcraft Required privilege...
WordPress Elementor Pro Plugin <= 3.20.1 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Pro Type Plugin Vulnerable versions = 3.20.1 Fixed in 3.20.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-1521 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID a4a801fcb03f Credits wesley wcraft Required privilege...
WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Cross Site Scripting (XSS)
Software Essential Addons for Elementor Pro Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32241 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5e9e79ec6617 Credit...