6 matches found
CVE-2024-2132
CVE-2024-2132 affects the Ultimate Bootstrap Elements for Elementor WordPress plugin. Root cause: Stored XSS via the Image Widget due to insufficient input sanitization and output escaping of user-supplied attributes. Impact (as described in connected RH entry): authenticated attackers with contr...
CVE-2024-1398
CVE-2024-1398 affects the Ultimate Bootstrap Elements for Elementor plugin for WordPress. The vulnerability is Stored Cross-Site Scripting via the heading_title_tag and heading_sub_title_tag parameters in all versions up to 1.3.6, caused by insufficient input sanitization and output escaping. The...
CVE-2024-37462
CVE-2024-37462 is an LFI/path traversal vulnerability in the Ultimate Bootstrap Elements for Elementor plugin. Public details identify affected software as Ultimate Bootstrap Elements for Elementor (1.0 through 1.4.2) and describe improper restriction of a pathname to a restricted directory, enab...
CVE-2024-13545
CVE-2024-13545 affects Bootstrap Ultimate theme for WordPress (versions up to 1.4.9). Description: unauthenticated Local File Inclusion via the path parameter allows including PHP files on the server and executing code in those files; if php://filter is enabled, this may lead to Remote Code Execu...
CVE-2024-10329
CVE-2024-10329 affects the WordPress plugin Ultimate Bootstrap Elements for Elementor (all versions up to 1.4.6). It enables Sensitive Information Exposure via the ube_get_page_templates function. Exploitation requires authentication with Contributor-level access or higher. The impact is disclosu...
CVE-2024-43140
CVE-2024-43140 is a path traversal vulnerability in the WordPress plugin “Ultimate Bootstrap Elements for Elementor” that allows PHP local file inclusion. Affected: Ultimate Bootstrap Elements for Elementor