CVE-2023-34012 – WordPress Premium Addons PRO Plugin <= 2.8.24 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-34012
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions. The Premium Addons PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.8.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/premium-addons-pro/wordpress-premium-addons-pro-plugin-2-8-24-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4445 – Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update
https://notcve.org/view.php?id=CVE-2021-4445
The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites.
• https://www.wordfence.com/threat-intel/vulnerabilities/id/cffb26bc-3d3f-4593-bb36-d2abcd67861e?source=cve
• https://ithemes.com/blog/wordpress-vulnerability-report-september-2021-part-2/#ib-toc-anchor-2
• https://wpscan.com/vulnerability/2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c
• https://wordpress.org/plugins/premium-addons-for-elementor
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2590819%40premium-addons-for-elementor&new=2590819%40premium-addons-for-elementor&sfp_email=&sfph_mail=
• CWE-862: Missing Authorization
CVE-2021-24257 – Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24257
The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
• https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25
• https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')