9 matches found
CVE-2024-4452
CVE-2024-4452 affects ElementsKit Pro for WordPress. A stored XSS exists in the url parameter up to version 3.6.1 due to insufficient input sanitization and output escaping. Exploitation requires contributor+ permissions; an authenticated attacker can inject scripts that execute when users view i...
CVE-2024-3598
CVE-2024-3598 affects ElementsKit Pro (WordPress) via a Stored Cross-Site Scripting flaw in the Creative Button widget. The issue, present in ElementsKit Pro versions up to 3.6.0, arises from insufficient input sanitization/output escaping for the ekit_btn_id attribute, enabling an authenticated ...
CVE-2025-0321
CVE-2025-0321 affects the WordPress plugin ElementsKit Pro (versions up to and including 3.7.8). The issue is a DOM-based Stored Cross-Site Scripting (XSS) via the plugin’s URL parameter, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at ...
CVE-2024-43996
CVE-2024-43996 affects WordPress ElementsKit Pro plugin versions through 3.6.0. The vulnerability is Local File Inclusion caused by improper limitation of a pathname to a restricted directory (Path Traversal) in ElementsKit Pro. Impact is PHP Local File Inclusion with a base CVSS v3.1 score of 6....
CVE-2024-4404
CVE-2024-4404: ElementsKit Pro for WordPress is vulnerable to Server-Side Request Forgery, via the render_raw function, in versions up to and including 3.6.2. An authenticated attacker with contributor-level permissions or higher can issue web requests from the application to arbitrary locations...
CVE-2024-7064
The CVE-2024-7064 entry concerns ElementsKit Pro for WordPress. It describes a Stored Cross-Site Scripting vulnerability in multiple parameters due to insufficient input sanitization and output escaping, affecting all versions up to 3.6.5. Exploitation requires authentication at Contributor level...
CVE-2024-3500
This CVE (CVE-2024-3500) concerns ElementsKit Pro for WordPress. The vulnerability is Local File Inclusion via the Price Menu, Hotspot, and Advanced Toggle widgets in all versions up to 3.6.0. An authenticated attacker with contributor-level access or higher can include and execute arbitrary PHP ...
CVE-2024-7063
CVE-2024-7063 affects ElementsKit Pro for WordPress, with Sensitive Information Exposure via render_raw in all versions up to 3.6.6. The issue requires authentication (Contributor+), allowing an authenticated user to exfiltrate sensitive data such as private, future, and draft posts. Connected so...
CVE-2024-5263
CVE-2024-5263 affects ElementsKit Pro (WordPress). Root cause: authenticated (Contributor+) Stored XSS via Motion Text and Table widgets due to insufficient input sanitization and output escaping in versions ≤ 3.6.2. Impact: attackers with contributor+ access can inject scripts that run when user...