CVE-2024-10091 – ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget
https://notcve.org/view.php?id=CVE-2024-10091
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.2.9/widgets/image-comparison/image-comparison.php#L657 https://www.wordfence.com/threat-intel/vulnerabilities/id/00b278af-6ce6-4e70-a83a-a1b035542cd4?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-8546 – ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget
https://notcve.org/view.php?id=CVE-2024-8546
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/elementskit-lite/trunk/widgets/video/parts/video-button.php#L10 https://plugins.trac.wordpress.org/changeset/3155880 https://plugins.trac.wordpress.org/changeset/3155880/elementskit-lite/trunk/widgets/video/video.php https://wordpress.org/plugins/elementskit-lite/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/d21aeeb6-2e7d-426e-82c5-ff65e33bc5cb?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-6455 – ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function
https://notcve.org/view.php?id=CVE-2024-6455
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items. El complemento ElementsKit Elementor addons para WordPress es vulnerable a la exposición de la información en todas las versiones hasta la 3.2.0 incluida, debido a la falta de comprobaciones de capacidad en la función ekit_widgetarea_content. Esto hace posible que atacantes no autenticados vean cualquier elemento creado en Elementor, como publicaciones, páginas y plantillas, incluidos borradores, elementos pendientes y privados. • https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.2.0/modules/controls/widget-area-utils.php#L15 https://www.wordfence.com/threat-intel/vulnerabilities/id/7c336530-09b2-4ead-923f-f1a6266e3e8e?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-2803 – ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
https://notcve.org/view.php?id=CVE-2024-2803
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento ElementsKit Elementor addons de WordPress es vulnerable a cross-site scripting almacenado a través del widget de cuenta regresiva en todas las versiones hasta la 3.0.6 incluida debido a una sanitización de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3062463%40elementskit-lite&new=3062463%40elementskit-lite&sfp_email=&sfph_mail=#file12 https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c44ad9-e61e-4f29-9c0b-7c0a89b0c8da?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-2047 – ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw
https://notcve.org/view.php?id=CVE-2024-2047
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. El complemento ElementsKit Elementor addons para WordPress es vulnerable a la inclusión de archivos locales en todas las versiones hasta la 3.0.6 incluida a través de la función render_raw. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, incluyan y ejecuten archivos arbitrarios en el servidor, permitiendo la ejecución de cualquier código PHP en esos archivos. • https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.5/widgets/testimonial/testimonial.php#L2458 https://plugins.trac.wordpress.org/changeset/3054091/elementskit-lite/tags/3.0.7/widgets/testimonial/testimonial.php https://www.wordfence.com/threat-intel/vulnerabilities/id/413e6326-14c6-4734-8adc-114a7842c574?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •