CVE-2024-31289 – WordPress Hello Elementor theme <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31289
Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor. This issue affects Hello Elementor: from n/a through 3.0.0. The Hello Elementor theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the ajax_hello_elementor_set_admin_notice_viewed() function.
• https://patchstack.com/database/vulnerability/hello-elementor/wordpress-hello-elementor-theme-3-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-31278 – WordPress Premium Addons for Elementor plugin <= 4.10.22 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-31278
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor. This issue affects Premium Addons for Elementor: from n/a through 4.10.22. The Premium Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.22. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user or configuration data.
• https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-22-sensitive-data-exposure-vulnerability?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-30524 – WordPress PDF Viewer for Elementor plugin <= 2.9.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30524
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedLettuce Plugins PDF Viewer for Elementor allows Stored XSS. This issue affects PDF Viewer for Elementor: from n/a through 2.9.3. The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/pdf-viewer-for-elementor/wordpress-pdf-viewer-for-elementor-plugin-2-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30533 – WordPress Layouts for Elementor plugin < 1.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-30533
Unrestricted Upload of File with Dangerous Type vulnerability in Techeshta Layouts for Elementor. This issue affects Layouts for Elementor: from n/a before 1.8. The Layouts for Elementor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the handle_import() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to upload arbitrary files that can be used to achieve remote code execution.
• https://patchstack.com/database/vulnerability/layouts-for-elementor/wordpress-layouts-for-elementor-plugin-1-8-arbitrary-file-upload-vulnerability?_s_id=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
• CWE-862: Missing Authorization
CVE-2024-30422 – WordPress Elementor Addon Elements plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30422
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.1. The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-13-1-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')