CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24266 – The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2021-24266
13 Apr 2021 — The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. El Plugin de WordPress "The Plus Addons for Elementor Page Builder Lite" versiones anteriores a 2.0.6, presenta cuatro widgets que son vulnerables a un ataque de tipo Cross-Site Scripting (XSS) almacenado por usuarios cpn menos privilegios, como los contribuyentes, todo por medio... • https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-24175 – The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2021-24175
08 Mar 2021 — The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active. El plugin de WordPress Plus Addons for Elementor Page Builder versiones anteriores a 4... • https://posimyth.ticksy.com/ticket/2713734 • CWE-287: Improper Authentication •