CVE-2024-2455

The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-6282

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output...

WordPress plugin Master Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-37510 · WordPress · The Master Addons

Name of the Vulnerable Software and Affected Versions: The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress versions up to, and including 2.0.6.4 Description: The issue is related to Stored Cross-Site Scripting via the...

CVE-2024-2455

The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes...

WordPress Element Pack Pro plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Wrapper Link URL vulnerability discovered by Francesco Carlucci in WordPress Plugin Element Pack Pro versions = 7.9.0...

WordPress Wrapper Link Elementor plugin 1.0.2, 1.0.3 - Injected Backdoor vulnerability

Injected Backdoor vulnerability discovered by WordFence in WordPress Plugin Wrapper Link Elementor versions 1.0.2,1.0.3...

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

WordPress Wrapper Link Elementor Plugin 1.0.2,1.0.3 is vulnerable to Backdoor

Software Wrapper Link Elementor Type Plugin Vulnerable versions 1.0.2,1.0.3 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 73ed028987ed Credits WordFence Required privilege Unauthenticate...

Premium Addons for Elementor < 4.10.17 - Contributor+ Stored Cross-Site Scripting via Wrapper Link Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with...

CVE-2024-0376

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for...

WordPress Plugin Premium Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-15510 · WordPress · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.16 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget due to insufficient input sanitization and output...

CVE-2024-1428

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementpackwrapperlink’ attribute of the Trailer Box widget in all versions up...

WordPress Plugin Element Pack Elementor Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-18038 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.5.3 Description: The issue is related to Stored Cross-Site Scripting via the element pack wrapper link attribute of the Trailer Box widget due to...

WordPress Plugin Happy Addons for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

PT-2024-15562 · WordPress · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.1 Description: The issue is related to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate due to insufficient input sanitization a...

CVE-2024-0954

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient...

PT-2024-15934 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.7 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping on...