Premium Addons Security Vulnerabilities and Issues — Premium Addons CVE List

Lucene search

Leap13Premium Addons

7 matches found

CVE•added 2024/03/13 4:15 p.m.•43 views

CVE-2024-1996

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated ...

6.4CVSS6AI score0.00109EPSS

CVE•added 2024/03/13 4:15 p.m.•41 views

CVE-2024-1997

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authent...

6.4CVSS6.1AI score0.00229EPSS

CVE•added 2024/03/13 4:15 p.m.•35 views

CVE-2024-2239

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-...

6.4CVSS6.1AI score0.00229EPSS

CVE•added 2024/03/13 4:15 p.m.•32 views

CVE-2024-2237

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level ac...

6.4CVSS6.1AI score0.00229EPSS

CVE•added 2024/03/13 4:15 p.m.•31 views

CVE-2024-2238

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-l...

6.4CVSS6.1AI score0.00229EPSS

CVE•added 2023/11/30 4:15 p.m.•30 views

CVE-2023-37868

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0.

6.5CVSS6.4AI score0.00679EPSS

CVE•added 2024/03/13 4:15 p.m.•30 views

CVE-2024-2000

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...

6.4CVSS6.1AI score0.00229EPSS