8 matches found
CVE-2024-34374
CVE-2024-34374 is a Stored Cross-Site Scripting (XSS) vulnerability in QuomodoSoft ElementsReady Addons for Elementor. The issue affects ElementsReady Addons for Elementor releases up to 5.8.0 (inclusive). Red Hat’s advisory corroborates the same description. Public references list this CVE under...
CVE-2024-10356
CVE-2024-10356 affects ElementsReady Addons for Elementor (WordPress). Remote code is not exposed; the issue is Sensitive Information Exposure due to insecure access control in inc/Widgets/accordion/output/content.php, exploitable by authenticated users with Contributor+ rights. The Red Hat/Wordf...
CVE-2024-54224
CVE-2024-54224 affects WordPress ElementsReady Addons for Elementor (
CVE-2024-5152
CVE-2024-5152 affects the ElementsReady Addons for Elementor plugin (WordPress). It is a Stored Cross-Site Scripting via the _id parameter in all versions up to 6.1.0. Exploitation requires Contributor+ access and can cause scripts to run on pages viewed by users. No remediation details are provi...
CVE-2024-47329
The CVE-2024-47329 entry concerns WordPress plugin ElementsReady Addons for Elementor. A stored XSS vulnerability exists in versions
CVE-2024-9444
CVE-2024-9444 : The ElementsReady Addons for Elementor WordPress plugin is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 6.4.3 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Author leve...
CVE-2024-51787
CVE-2024-51787 is a stored XSS in ElementsReady Addons for Elementor. An authenticated attacker could inject script via input processed by the plugin, affecting ElementsReady Addons for Elementor versions up to 6.4.3. Red Hat and Wordfence references confirm the vulnerability class and affected p...
CVE-2024-47353
CVE-2024-47353 describes an Open Redirect vulnerability in WordPress plugin ElementsReady Addons for Elementor (ElementsReady Addons for Elementor) affecting version 6.4.2 and earlier. The issue allows redirection to an untrusted site via URL handling within the plugin. Patchstack notes the fix i...