7 matches found
CVE-2024-9542
The CVE-2024-9542 entry concerns the WordPress plugin Sky Addons for Elementor. The vulnerability exists in all versions up to and including 2.6.1 and is triggered by the render function in modules/content-switcher/widgets/content-switcher.php. It permits authenticated attackers with Contributor-...
CVE-2024-11104
CVE-2024-11104 concerns Sky Addons for Elementor (WordPress plugin) ≤ 2.6.2. The root cause is a missing capability check in save_options(), enabling authenticated users with subscriber-level access and above to modify arbitrary option values that can be saved as arrays, potentially causing a den...
CVE-2024-11601
CVE-2024-11601 affects Sky Addons for Elementor (WordPress) up to version 2.6.1, due to missing nonce validation in save_options(), enabling CSRF that could let unauthenticated attackers modify options by tricking an administrator. A fix is available in 2.6.2; upgrade to that version or apply ven...
CVE-2024-38687
CVE-2024-38687 is a stored XSS in Sky Addons for Elementor (WordPress plugin) affecting Sky Addons for Elementor versions up to 2.5.5. The connected records corroborate qualified impact as Cross-Site Scripting and list remediation: upgrade to a version later than 2.5.5 (Sky Addons for Elementor),...
CVE-2024-47332
CVE-2024-47332 affects the WordPress Sky Addons for Elementor plugin, with stored XSS due to improper input neutralization during web page generation. Impact is limited to Sky Addons for Elementor versions up to 2.5.11 (patch released in 2.5.12). Remediation: update to 2.5.12 or later; patch deta...
CVE-2024-2286
CVE-2024-2286 affects Sky Addons for Elementor (WordPress). It is a Stored XSS via the wrapper link URL value in versions up to and including 2.4.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication as a Contributor+ to...
CVE-2024-50433
CVE-2024-50433 (Sky Addons for Elementor) stores XSS vulnerability in Sky Addons for Elementor versions