4 matches found
CVE-2024-43342
CVE-2024-43342 is a Stored XSS vulnerability in BdThemes Ultimate Store Kit Elementor Addons (affecting up to 1.6.4). The flaw stems from improper input neutralization during web page generation, enabling an attacker with network access to inject scripts that may affect user confidentiality and i...
CVE-2025-2168
CVE-2025-2168 affects the Ultimate Store Kit – Elementor Addons, WooCommerce Builder, EDD Builder, and related widgets for WordPress, up to and including version 2.4.1. The root cause is missing or incorrect nonce validation in the dismiss() function, enabling CSRF that can allow unauthenticated ...
CVE-2024-8030
CVE-2024-8030 affects Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, and Woocommerce Slider up to and including 2.0.3. It enables unauthenticated PHP Object Injection via deserialization of input in the _ultimate_store_...
CVE-2024-5335
CVE-2024-5335 affects the WordPress plugin Ultimate Store Kit Elementor Addons (and related components) up to version 1.6.4. The vulnerability is an unauthenticated PHP Object Injection resulting from deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie. The Word...