CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33919 – WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33919
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. Vulnerabilidad de autorización faltante en Rometheme RomethemeKit para Elementor. Este problema afecta a RomethemeKit para Elementor: desde n/a hasta 1.4.1. The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addNewPost() function in versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to add new posts. • https://patchstack.com/database/vulnerability/rometheme-for-elementor/wordpress-romethemekit-for-elementor-plugin-1-4-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33630 – WordPress Piotnet Addons For Elementor plugin <= 2.4.26 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33630
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.26. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Piotnet Piotnet Addons para Elementor permite almacenar XSS. Este problema afecta a Piotnet Addons para Elementor: desde n/a hasta 2.4.26. The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor/wordpress-piotnet-addons-for-elementor-plugin-2-4-26-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33632 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-33632
Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Piotnet Piotnet Addons para Elementor Pro. Este problema afecta a Piotnet Addons para Elementor Pro: desde n/a hasta 7.1.17. The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1.17. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33539 – WordPress WPZOOM Addons for Elementor plugin <= 1.1.35 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33539
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS.This issue affects WPZOOM Addons for Elementor (Templates, Widgets): from n/a through 1.1.35. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) permiten almacenar XSS. Este problema afecta a los complementos de WPZOOM para Elementor (plantillas, widgets): desde n/a hasta 1.1.35. The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.1.35 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag.' This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wpzoom-elementor-addons/wordpress-wpzoom-addons-for-elementor-plugin-1-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33634 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-33634
Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Piotnet Piotnet Addons para Elementor Pro. Este problema afecta a Piotnet Addons para Elementor Pro: desde n/a hasta 7.1.17. The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.17. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-unauthenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •