Lucene search

K
WpmetElementskit

6 matches found

CVE
CVE
added 2024/05/21 2:15 p.m.49 views

CVE-2024-4452

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions an...

6.4CVSS5.9AI score0.00169EPSS
CVE
CVE
added 2024/04/19 2:15 a.m.47 views

CVE-2024-3598

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated ...

6.4CVSS5.7AI score0.00135EPSS
CVE
CVE
added 2024/09/23 1:15 a.m.45 views

CVE-2024-43996

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0.

6.5CVSS6.5AI score0.00225EPSS
CVE
CVE
added 2025/01/28 8:15 a.m.43 views

CVE-2025-0321

The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level ...

6.4CVSS5.7AI score0.00036EPSS
CVE
CVE
added 2024/08/15 6:15 a.m.37 views

CVE-2024-7064

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and ...

6.4CVSS5.7AI score0.00064EPSS
CVE
CVE
added 2024/06/15 2:15 a.m.23 views

CVE-2024-5263

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent...

6.4CVSS5.5AI score0.00145EPSS