Lucene search
K
CodelessCowidgets Elementor Addons

5 matches found

CVE
CVE
added 2024/06/06 2:3 a.m.60 views

CVE-2024-5179

CVE-2024-5179 concerns Cowidgets – Elementor Addons for WordPress. The vulnerability is Local File Inclusion via the item_style and style parameters, allowing an authenticated attacker with Contributor-level access and above to include and execute PHP files on the server, potentially bypassing co...

8.8CVSS6.5AI score0.00932EPSS
CVE
CVE
added 2024/11/30 9:14 p.m.52 views

CVE-2024-53786

CVE-2024-53786 affects WordPress plugin Cowidgets – Elementor Addons (versions <= 1.2.0). The issue is an improper input neutralization during web page generation, enabling Stored XSS. Public disclosures in the provided documents confirm the vulnerability as stored XSS affecting this plugin ve...

6.5CVSS7.2AI score0.00284EPSS
CVE
CVE
added 2024/11/09 2:32 a.m.49 views

CVE-2024-8960

CVE-2024-8960: Cowidgets – Elementor Addons for WordPress suffers Stored Cross-Site Scripting via SVG uploads in all versions

6.4CVSS5.7AI score0.00295EPSS
CVE
CVE
added 2024/11/09 2:32 a.m.46 views

CVE-2024-10779

CVE-2024-10779 affects Cowidgets – Elementor Addons (WordPress) up to version 1.2.0. Root cause: Information Disclosure via the ce_template shortcode due to insufficient restrictions on which posts can be included. Impact: authenticated attackers with Contributor-level access (or higher) can extr...

5.3CVSS5AI score0.00303EPSS
CVE
CVE
added 2024/06/04 5:32 a.m.46 views

CVE-2024-4697

CVE-2024-4697 is a WordPress plugin issue in Cowidgets – Elementor Addons. The vulnerability is a Stored Cross‑Site Scripting via the heading_tag parameter in all versions up to 1.1.1, caused by insufficient input sanitization and output escaping. It enables authenticated attackers with contribut...

6.4CVSS6AI score0.00349EPSS