Lucene search
K
QodeinteractiveQi Addons For Elementor

9 matches found

CVE
CVE
added 2024/05/17 8:35 a.m.106 views

CVE-2023-47679

CVE-2023-47679 describes a Local File Inclusion (path traversal) vulnerability in the WordPress plugin Qi Addons For Elementor by QODE Interactive. Affected versions are 1.6.3 and earlier; the issue stems from improper limitation of a pathname to a restricted directory, enabling inclusion of loca...

8.8CVSS6.8AI score0.00497EPSS
CVE
CVE
added 2024/04/09 6:58 p.m.76 views

CVE-2024-0826

CVE-2024-0826 affects Qi Addons For Elementor for WordPress. The vulnerability is a Stored Cross‑Site Scripting (XSS) in widget attributes caused by insufficient input sanitization and output escaping, allowing authenticated users with contributor-level or higher permissions to inject scripts tha...

6.4CVSS6AI score0.00607EPSS
CVE
CVE
added 2024/04/27 9:37 a.m.68 views

CVE-2024-3309

CVE-2024-3309 affects the Qi Addons For Elementor plugin for WordPress. It is a Stored XSS vulnerability in the Countdown widget’s attributes present in all versions up to 1.7.0 due to insufficient input sanitization and output escaping. Exploitation requires authentication with contributor+ priv...

6.4CVSS5.7AI score0.0032EPSS
CVE
CVE
added 2024/06/06 3:32 a.m.64 views

CVE-2024-4364

CVE-2024-4364 affects Qi Addons For Elementor for WordPress. The vulnerability is Stored Cross-Site Scripting in the plugin’s button widgets due to insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attacker with contributor-level access or ...

6.4CVSS5.5AI score0.00329EPSS
CVE
CVE
added 2023/11/13 11:13 p.m.59 views

CVE-2023-47680

CVE-2023-47680 affects the WordPress plugin Qi Addons For Elementor by Qode Interactive, with a Stored XSS in versions <= 1.6.3 when exploited by users with contributor privileges. The issue stems from insufficient validation/escaping of parameters in the contributor+ workflow. Patchstack indi...

6.5CVSS5.3AI score0.00409EPSS
CVE
CVE
added 2024/10/23 7:34 a.m.59 views

CVE-2024-9530

CVE-2024-9530 concerns the Qi Addons For Elementor WordPress plugin. The vulnerability is a Sensitive Information Exposure affecting all versions up to 1.8.0, exploitable by an authenticated attacker with Contributor-level access and above to exfiltrate data from private templates. Public sources...

4.3CVSS4.6AI score0.0039EPSS
CVE
CVE
added 2024/06/07 3:21 a.m.58 views

CVE-2024-4887

The CVE-2024-4887 entry concerns the Qi Addons For Elementor plugin for WordPress. Affected versions (up to 1.7.2) permit Remote File Inclusion via the behavior attributes in the qi_addons_for_elementor_blog_list shortcode, enabling authenticated attackers with Contributor-level access and above ...

7.5CVSS6.5AI score0.00631EPSS
CVE
CVE
added 2025/02/04 12:22 p.m.55 views

CVE-2024-13699

CVE-2024-13699 affects the Qi Addons For Elementor WordPress plugin. It is a Stored Cross-Site Scripting vulnerability via the cursor parameter in all versions up to 1.8.7, enabling an authenticated attacker (Contributor level or higher) to inject scripts that execute when a user loads a page. Ro...

6.4CVSS5.9AI score0.00359EPSS
CVE
CVE
added 2025/06/28 4:21 a.m.32 views

CVE-2025-6252

CVE-2025-6252 concerns the WordPress plugin Qi Addons For Elementor (versions up to and including 1.9.1). The vulnerability is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping across multiple parameters, allowing an attacker with at least Contributo...

6.4CVSS5.6AI score0.0021EPSS