Lucene search

K

Essential Security Vulnerabilities

cve
cve

CVE-2024-5086

The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-29 08:15 AM
24
cve
cve

CVE-2024-5612

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This.....

6.4CVSS

6AI Score

0.0004EPSS

2024-06-07 05:15 AM
24
cve
cve

CVE-2023-48273

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-11 05:15 PM
62
cve
cve

CVE-2024-32601

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-04-18 09:15 AM
37
cve
cve

CVE-2024-3645

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as 'title_html_tag'....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-04-22 02:15 PM
29
cve
cve

CVE-2022-38077

Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1...

8.8CVSS

9.1AI Score

0.001EPSS

2023-03-29 01:15 PM
21
cve
cve

CVE-2023-38516

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Audio Player with Playlist Ultimate plugin <= 1.2.2...

6.5CVSS

5.2AI Score

0.0004EPSS

2023-09-03 12:15 PM
16
cve
cve

CVE-2022-45818

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4...

6.5CVSS

5.2AI Score

0.0005EPSS

2023-05-04 01:15 PM
10
cve
cve

CVE-2022-0683

The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a pages that executes...

6.1CVSS

5.9AI Score

0.001EPSS

2022-02-24 07:15 PM
125
cve
cve

CVE-2018-14994

The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu (versionName=1.0, platformBuildVersionName=8.1.0) that contains an exported activity....

7.5CVSS

7.3AI Score

0.001EPSS

2019-04-25 08:29 PM
15