8 matches found
CVE-2024-23523
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.This issue affects Elementor Pro: from n/a through 3.19.2.
CVE-2024-35656
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS.This issue affects Elementor Pro: from n/a through 3.21.2.
CVE-2024-1521
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...
CVE-2024-32681
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.
CVE-2024-2121
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for ...
CVE-2024-1364
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at...
CVE-2024-2781
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with cont...
CVE-2023-35050
Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0.