14 matches found
CVE-2021-24258
Summary (CVE-2021-24258): The WordPress plugins Elements Kit Lite and Elements Kit Pro (before 2.2.0) expose stored XSS in multiple widgets. A lower-privileged user (e.g., contributor) can inject JavaScript via crafted save_builder requests into post content, which is then executed when the post ...
CVE-2024-37255
CVE-2024-37255 corresponds to a Missing Authorization vulnerability in Wpmet Elements Kit Elementor addons (ElementsKit Lite)
CVE-2024-10091
CVE-2024-10091: ElementsKit Elementor addons (WordPress) has stored cross-site scripting via the Image Comparison Widget in versions
CVE-2024-6455
CVE-2024-6455 affects ElementsKit Elementor addons for WordPress (up to version 3.2.0). Root cause: missing capability checks in the ekit_widgetarea_content function, enabling unauthenticated attackers to view Elementor items (posts, pages, templates) including drafts, pending and private items. ...
CVE-2024-32505
CVE-2024-32505 affects the WordPress ElementsKit Elementor addons plugin (versions
CVE-2024-1239
CVE-2024-1239 affects ElementsKit Elementor addons for WordPress and is a Stored XSS vulnerability present in all versions up to 3.0.4 due to insufficient input sanitization and output escaping. Authenticated attackers with contributor access or higher can inject arbitrary script that executes in...
CVE-2024-2047
The CVE-2024-2047 entry affects ElementsKit Elementor addons and Templates Library (ElementsKit Lite) for WordPress. The root cause is Local File Inclusion via render_raw in all versions up to 3.0.6. This allows an authenticated attacker with contributor+ privileges to include and execute arbitra...
CVE-2023-39993
CVE-2023-39993 refers to a Broken Access Control issue in the WordPress plugin ElementsKit Lite / Elementor addons. Affected versions are ≤ 2.9.0 (Wpmet ElementsKit Lite). The root cause is a Missing Authorization/Access control weakness that could allow unauthorized actions. Remediation: upgrad...
CVE-2023-6582
CVE-2023-6582 affects ElementsKit Lite/Elementor addon for WordPress. The vulnerability is an unauthenticated Sensitive Information Exposure via the ekit_widgetarea_content function, allowing attackers to read posts in draft, private, or pending status when posts are created with Elementor. Affec...
CVE-2024-2042
CVE-2024-2042 is a Stored XSS affecting the ElementsKit Elementor addons plugin for WordPress, via the Image Accordion widget. It affects all versions up to and including 3.0.5 due to insufficient input sanitization and output escaping, enabling authenticated attackers with contributor-level acce...
CVE-2024-3650
CVE-2024-3650 affects ElementsKit Elementor addons for WordPress. The issue is Stored XSS in the Image Accordion widget across versions 3.0.7–3.1.2, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling an at...
CVE-2024-1238
CVE-2024-1238 affects ElementsKit Elementor addons and Templates Library for WordPress. It is a Stored XSS via the button ID parameter caused by insufficient input sanitization and output escaping, impacting all versions up to 3.0.6. Exploitation requires authentication (contributors+). Reported ...
CVE-2024-3499
The CVE-2024-3499 entry concerns ElementsKit Elementor addons and Templates Library for WordPress. Impact arises from a Local File Inclusion in the Onepage Scroll module’s generate_navigation_markup function, enabling an authenticated attacker with contributor+ privileges to include and execute a...
CVE-2024-2803
CVE-2024-2803 corresponds to ElementsKit Elementor addons and Templates Library in WordPress, where Stored XSS via the countdown widget exists in all versions up to 3.0.6 due to insufficient input sanitization and output escaping. The vulnerability allows authenticated attackers with contributor-...