CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34764 – WordPress Essential Addons for Elementor plugin <= 5.9.15 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34764
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 5.9.15. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en WPDeveloper Essential Addons para Elementor permite XSS almacenado. Este problema afecta a Essential Addons para Elementor: desde n/a hasta 5.9.15. The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.9.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-9-15-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34791 – WordPress WPB Elementor Addons plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34791
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpbean WPB Elementor Addons allows Stored XSS.This issue affects WPB Elementor Addons: from n/a through 1.0.9. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en los complementos de WPB Elementor de wpbean permite XSS almacenado. Este problema afecta a los complementos de WPB Elementor: desde n/a hasta 1.0.9. The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, <=1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wpb-elementor-addons/wordpress-wpb-elementor-addons-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34789 – WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34789
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS.This issue affects Post Grid Elementor Addon: from n/a through 2.0.16. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en el complemento WP Hait Post Grid Elementor permite XSS almacenado. Este problema afecta al complemento Post Grid Elementor: desde n/a hasta 2.0.16. The Post Grid Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_tag parameter in versions up to, and including, 2.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/post-grid-elementor-addon/wordpress-post-grid-elementor-addon-plugin-2-0-16-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34575 – WordPress DethemeKit For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34575
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.1.2. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en deTheme DethemeKit para Elementor permite XSS almacenado. Este problema afecta a DethemeKit para Elementor: desde n/a hasta 2.1.2. The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/dethemekit-for-elementor/wordpress-dethemekit-for-elementor-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35167 – WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35167
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.8. Neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce permiten almacenar XSS. Este problema afecta las plantillas y widgets de Elementor de Envo para WooCommerce: desde n/a hasta 1.4.8. The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/envo-elementor-for-woocommerce/wordpress-envo-s-elementor-templates-widgets-for-woocommerce-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •