Elementor Header & Footer Builder Security Vulnerabilities and Issues — Elementor Header & Footer Builder CVE List

Lucene search

BrainstormforceElementor Header & Footer Builder

8 matches found

CVE•added 2024/11/08 12:15 p.m.•79 views

CVE-2024-10325

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Aut...

6.4CVSS5.4AI score0.00025EPSS

CVE•added 2024/12/23 5:15 a.m.•62 views

CVE-2024-11230

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contribu...

6.4CVSS5.8AI score0.00032EPSS

CVE•added 2024/05/16 11:15 a.m.•56 views

CVE-2024-4634

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00197EPSS

CVE•added 2024/05/24 5:15 a.m.•50 views

CVE-2024-2618

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

6.4CVSS5.9AI score0.00169EPSS

CVE•added 2024/05/16 9:16 p.m.•48 views

CVE-2024-2619

The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitra...

5.4CVSS6.6AI score0.00209EPSS

CVE•added 2024/10/24 9:15 a.m.•44 views

CVE-2024-10050

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft,...

4.3CVSS4.6AI score0.00118EPSS

CVE•added 2024/06/13 6:15 a.m.•39 views

CVE-2024-5757

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for aut...

6.4CVSS5.5AI score0.00188EPSS

CVE•added 2024/03/13 4:15 p.m.•33 views

CVE-2024-1237

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with c...

6.4CVSS6.1AI score0.00144EPSS