9 matches found
CVE-2023-47679
CVE-2023-47679 describes a Local File Inclusion (path traversal) vulnerability in the WordPress plugin Qi Addons For Elementor by QODE Interactive. Affected versions are 1.6.3 and earlier; the issue stems from improper limitation of a pathname to a restricted directory, enabling inclusion of loca...
CVE-2024-0826
CVE-2024-0826 affects Qi Addons For Elementor for WordPress. The vulnerability is a Stored Cross‑Site Scripting (XSS) in widget attributes caused by insufficient input sanitization and output escaping, allowing authenticated users with contributor-level or higher permissions to inject scripts tha...
CVE-2024-3309
CVE-2024-3309 affects the Qi Addons For Elementor plugin for WordPress. It is a Stored XSS vulnerability in the Countdown widget’s attributes present in all versions up to 1.7.0 due to insufficient input sanitization and output escaping. Exploitation requires authentication with contributor+ priv...
CVE-2024-4364
CVE-2024-4364 affects Qi Addons For Elementor for WordPress. The vulnerability is Stored Cross-Site Scripting in the plugin’s button widgets due to insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attacker with contributor-level access or ...
CVE-2023-47680
CVE-2023-47680 affects the WordPress plugin Qi Addons For Elementor by Qode Interactive, with a Stored XSS in versions <= 1.6.3 when exploited by users with contributor privileges. The issue stems from insufficient validation/escaping of parameters in the contributor+ workflow. Patchstack indi...
CVE-2024-9530
CVE-2024-9530 concerns the Qi Addons For Elementor WordPress plugin. The vulnerability is a Sensitive Information Exposure affecting all versions up to 1.8.0, exploitable by an authenticated attacker with Contributor-level access and above to exfiltrate data from private templates. Public sources...
CVE-2024-4887
The CVE-2024-4887 entry concerns the Qi Addons For Elementor plugin for WordPress. Affected versions (up to 1.7.2) permit Remote File Inclusion via the behavior attributes in the qi_addons_for_elementor_blog_list shortcode, enabling authenticated attackers with Contributor-level access and above ...
CVE-2024-13699
CVE-2024-13699 affects the Qi Addons For Elementor WordPress plugin. It is a Stored Cross-Site Scripting vulnerability via the cursor parameter in all versions up to 1.8.7, enabling an authenticated attacker (Contributor level or higher) to inject scripts that execute when a user loads a page. Ro...
CVE-2025-6252
CVE-2025-6252 concerns the WordPress plugin Qi Addons For Elementor (versions up to and including 1.9.1). The vulnerability is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping across multiple parameters, allowing an attacker with at least Contributo...