CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47392 – WordPress Element Pack Elementor Addons plugin <= 5.7.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47392
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.7.5. The Element Pack Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-plugin-5-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8030 – Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-8030
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_wishlist cookie in versions up to , and including, 2.0.3. This makes it possible for an unauthenticated attacker to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker or above to delete arbitrary files, retrieve sensitive data, or execute code. • https://github.com/codeb0ss/CVE-2024-8030-PoC https://plugins.trac.wordpress.org/changeset/3141022/ultimate-store-kit/trunk/includes/helper.php https://www.wordfence.com/threat-intel/vulnerabilities/id/ef566dca-91ed-4929-b36b-4e424e07e1d4?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5335 – Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-5335
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to , and including, 1.6.4. This makes it possible for an unauthenticated attacker to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker or above to delete arbitrary files, retrieve sensitive data, or execute code. • https://plugins.trac.wordpress.org/browser/ultimate-store-kit/trunk/includes/helper.php#L1103 https://plugins.trac.wordpress.org/changeset/3135472/ultimate-store-kit/trunk/includes/helper.php https://www.wordfence.com/threat-intel/vulnerabilities/id/2ae44bcb-6149-4661-8890-23c867e9a918?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7247 – Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets
https://notcve.org/view.php?id=CVE-2024-7247
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/assets/js/bdt-uikit.js#L4223 https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/assets/js/ep-scripts.js#L514 https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/assets/js/ep-scripts.js#L576 https://plugins.trac.wordpress.org/changeset/3133714 https://plugins.trac.wordpress.org/changeset/3133714/#file1110 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&re • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4359 – Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read
https://notcve.org/view.php?id=CVE-2024-4359
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. • https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/svg-image/widgets/svg-image.php#L847 https://www.wordfence.com/threat-intel/vulnerabilities/id/a55cfeb3-7632-4a88-ac71-8e119b060721?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •