CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37479 – WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37479
Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progress_type" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1. Vulnerabilidad de inclusión de archivos locales en LA-Studio LA-Studio Element Kit para Elementor a través del widget "LaStudioKit Progress Bar" en Nueva publicación, específicamente en el atributo "progress_type". Este problema afecta a LA-Studio Element Kit para Elementor: desde n/a hasta 1.3.8.1. The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'progress_type' attribute of the Progress Bar widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-8-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34374 – WordPress ElementsReady Addons for Elementor plugin <= 5.8.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34374
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en QuomodoSoft ElementsReady Addons para Elementor permite almacenar XSS. Este problema afecta a ElementsReady Addons para Elementor: desde n/a hasta 5.8.0. The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/element-ready-lite/wordpress-elementsready-addons-for-elementor-plugin-5-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33568 – WordPress Element Pack Pro plugin <= 7.7.4 - Arbitrary File Read and Phar Deserialization vulnerability
https://notcve.org/view.php?id=CVE-2024-33568
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a through 7.7.4. Limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal"), vulnerabilidad de deserialización de datos no confiables en BdThemes Element Pack Pro permite el Path Traversal, la inyección de objetos. Este problema afecta a Element Pack Pro: desde n/a hasta 7.7.4. The Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/vulnerability/bdthemes-element-pack/wordpress-element-pack-pro-plugin-7-7-4-arbitrary-file-read-and-phar-deserialization-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-502: Deserialization of Untrusted Data •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30496 – WordPress Element Pack Lite plugin <= 5.5.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30496
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en el complemento Element Pack Elementor Addons de BdThemes para WordPress. Este problema afecta a Element Pack Elementor Addons: desde n/a hasta 5.5.3. The Element Pack Elementor Addons plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-lite-plugin-5-5-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30185 – WordPress Element Pack Elementor Addons plugin <= 5.5.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30185
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en los complementos de Elementor de BdThemes Element Pack permite XSS almacenado. Este problema afecta a los complementos de Elementor de Element Pack: desde n/a hasta 5.5.3. The Element Pack Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link URL in versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-plugin-5-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •