CVE-2024-34421 – WordPress BlogLentor – Blog Designer Pack for Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34421
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsurface BlogLentor allows Stored XSS. This issue affects BlogLentor: from n/a through 1.0.8. The BlogLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/bloglentor-for-elementor/wordpress-bloglentor-blog-designer-pack-for-elementor-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34415 – WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34415
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit allows Stored XSS. This issue affects Thim Elementor Kit: from n/a through 1.1.8. The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/thim-elementor-kit/wordpress-thim-elementor-kit-plugin-1-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4107 – Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-4107
The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://doc.clickup.com/9011113249/d/h/8chnb91-5091/3951e6f2afbd388
• https://www.wordfence.com/threat-intel/vulnerabilities/id/0d5d47bd-4f05-4dc7-84c1-f7bc1196ee16?source=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33914 – WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability
https://notcve.org/view.php?id=CVE-2024-33914
Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1. The Exclusive Addons Elementor plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the duplicate_post() function in versions up to, and including, 2.6.9.1. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate other users' posts, which can lead to information disclosure for private posts.
• https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-9-1-broken-access-control-on-post-duplication-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2024-33908 – WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33908
Missing Authorization vulnerability in Themesgrove WidgetKit. This issue affects WidgetKit: from n/a through 2.5.0. The WidgetKit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wk_td_ads_dismiss_notice() function in versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to dismiss notices.
• https://patchstack.com/database/vulnerability/widgetkit-for-elementor/wordpress-widgetkit-plugin-2-4-8-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization