Lucene search
+L
BrainstormforceElementor Header & Footer Builder

7 matches found

cve
cve
added 2024/11/08 11:31 a.m.150 views

CVE-2024-10325

CVE-2024-10325 affects Elementor Header & Footer Builder (Ultimate Addons for Elementor) for WordPress. Desktop/REST SVG File Uploads allow Stored XSS due to insufficient input sanitization and output escaping in SVG handling. Affected versions: up to 1.6.45. Exploitation requires authentication ...

6.4CVSS5.4AI score0.00288EPSS
cve
cve
added 2024/12/23 4:23 a.m.129 views

CVE-2024-11230

CVE-2024-11230 affects Ultimate Addons for Elementor (formerly Elementor Header & Footer Builder): Stored XSS via the Page Title Widget in Elementor Header & Footer Builder versions up to 1.6.46. Exploitation requires authenticated access (Contributor+). Patch is applied; update to the fixed rele...

6.4CVSS5.8AI score0.003EPSS
cve
cve
added 2024/10/24 8:32 a.m.112 views

CVE-2024-10050

CVE-2024-10050 affects Elementor Header & Footer Builder for WordPress up to version 1.6.43, enabling information disclosure via the hfe_template shortcode. Authenticated users with Contributor+ can view Draft, Private, and password‑protected posts they do not own. The vulnerability is documented...

4.3CVSS4.6AI score0.00471EPSS
cve
cve
added 2024/05/16 11:5 a.m.84 views

CVE-2024-4634

CVE-2024-4634 (Elementor Header & Footer Builder, WordPress) stores cross-site scripting via the hfe_svg_mime_types path in versions up to 1.6.28 due to insufficient input sanitization and output escaping. The issue requires authentication (contributors or higher) to inject arbitrary scripts that...

6.4CVSS5.7AI score0.00357EPSS
cve
cve
added 2024/05/24 4:29 a.m.72 views

CVE-2024-2618

CVE-2024-2618 refers to the Elementor Header & Footer Builder plugin for WordPress. The Red Hat and WordPress‑centered sources confirm a Stored Cross‑Site Scripting vulnerability via the size attribute in all versions up to and including 1.6.26, caused by insufficient input sanitization and outpu...

6.4CVSS5.9AI score0.00322EPSS
cve
cve
added 2024/05/16 8:31 p.m.71 views

CVE-2024-2619

CVE-2024-2619 : Elementor Header & Footer Builder for WordPress is vulnerable to HTML injection due to insufficient input sanitization and output escaping. Affected versions are up to and including 1.6.26. Exploitation requires authentication with author-level permissions or higher, enabling an a...

5.4CVSS6.6AI score0.00377EPSS
cve
cve
added 2024/03/13 3:27 p.m.52 views

CVE-2024-1237

The CVE-2024-1237 vulnerability affects the Elementor Header & Footer Builder plugin for WordPress and is a Stored Cross-Site Scripting flaw via the flyout_layout attribute in versions up to 1.6.24, caused by insufficient input sanitization and output escaping. Exploitation could allow an authent...

6.4CVSS6.1AI score0.00514EPSS