5 matches found
CVE-2024-5179
CVE-2024-5179 concerns Cowidgets – Elementor Addons for WordPress. The vulnerability is Local File Inclusion via the item_style and style parameters, allowing an authenticated attacker with Contributor-level access and above to include and execute PHP files on the server, potentially bypassing co...
CVE-2024-53786
CVE-2024-53786 affects WordPress plugin Cowidgets – Elementor Addons (versions <= 1.2.0). The issue is an improper input neutralization during web page generation, enabling Stored XSS. Public disclosures in the provided documents confirm the vulnerability as stored XSS affecting this plugin ve...
CVE-2024-8960
CVE-2024-8960: Cowidgets – Elementor Addons for WordPress suffers Stored Cross-Site Scripting via SVG uploads in all versions
CVE-2024-10779
CVE-2024-10779 affects Cowidgets – Elementor Addons (WordPress) up to version 1.2.0. Root cause: Information Disclosure via the ce_template shortcode due to insufficient restrictions on which posts can be included. Impact: authenticated attackers with Contributor-level access (or higher) can extr...
CVE-2024-4697
CVE-2024-4697 is a WordPress plugin issue in Cowidgets – Elementor Addons. The vulnerability is a Stored Cross‑Site Scripting via the heading_tag parameter in all versions up to 1.1.1, caused by insufficient input sanitization and output escaping. It enables authenticated attackers with contribut...