CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31126 – Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call
https://notcve.org/view.php?id=CVE-2025-31126
03 Apr 2025 — Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.8. Element X iOS es un cliente Matrix iOS proporcionado por Element. En las versiones de Element X iOS entre la 1.6.13 y la 25.03.7, la entidad que controla el archivo conocido element.json puede, ... • https://github.com/element-hq/element-meta/issues/2441 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31127 – Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call
https://notcve.org/view.php?id=CVE-2025-31127
03 Apr 2025 — Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4. Element X Android es un cliente Matrix para Android proporcionado por element.io. En las versiones de Element X para Android entre la 0.4.16 y la 25.03.3, la entidad que controla... • https://github.com/element-hq/element-meta/issues/2441 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27606 – Element Android PIN autologout bypass
https://notcve.org/view.php?id=CVE-2025-27606
14 Mar 2025 — Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to guess the PIN. Version 1.6.34 solves the issue. • https://github.com/element-hq/element-android/commit/53bd78b05de375c6e6b0b5aa794a56b4ba95984c • CWE-488: Exposure of Data Element to Wrong Session •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26987 – WordPress Frontend Admin by DynamiApps plugin <= 3.25.17 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26987
23 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Reflected XSS. This issue affects Frontend Admin by DynamiApps: from n/a through 3.25.17. The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.25.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arb... • https://patchstack.com/database/wordpress/plugin/acf-frontend-form-element/vulnerability/wordpress-frontend-admin-by-dynamiapps-plugin-3-25-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51646 – WordPress Saoshyant Element plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51646
16 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saoshyant Saoshyant Element allows Reflected XSS.This issue affects Saoshyant Element: from n/a through 1.2. The Saoshyant Element plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if th... • https://patchstack.com/database/wordpress/plugin/saoshyant-element/vulnerability/wordpress-saoshyant-element-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54224 – WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54224
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7. The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with c... • https://patchstack.com/database/wordpress/plugin/element-ready-lite/vulnerability/wordpress-elementsready-addons-for-elementor-plugin-6-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54210 – WordPress Advanced Element Bucket Addons for Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54210
02 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through 1.0.2. The Advanced Element Bucket Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for auth... • https://patchstack.com/database/wordpress/plugin/cs-element-bucket/vulnerability/wordpress-advanced-element-bucket-addons-for-elementor-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51750 – Element allows a malicious homeserver can modify events leading to unrenderable events or rooms
https://notcve.org/view.php?id=CVE-2024-51750
12 Nov 2024 — Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85. • https://github.com/element-hq/element-web/commit/231073c578d5f92b33cde7aa2b0b9c5836b2dc48 • CWE-248: Uncaught Exception •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51749 – Element's thumbnails can be abused to misrepresent the content of an attachment
https://notcve.org/view.php?id=CVE-2024-51749
12 Nov 2024 — Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85. • https://github.com/element-hq/element-web/commit/a00c343435d633e64de2c0548217aa611c7bbef5 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51787 – WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51787
04 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.3. The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/vulnerability/element-ready-lite/wordpress-elementsready-addons-for-elementor-plugin-6-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •