CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56226 – WordPress Royal Elementor Addons plugin <= 1.7.1001 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56226
19 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1001. The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in ... • https://patchstack.com/database/wordpress/plugin/royal-elementor-addons/vulnerability/wordpress-royal-elementor-addons-plugin-1-7-1001-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56227 – WordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56227
19 Dec 2024 — Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through 1.7.1001. The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.1001. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform ... • https://patchstack.com/database/wordpress/plugin/royal-elementor-addons/vulnerability/wordpress-royal-elementor-addons-plugin-1-7-1001-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56225 – WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56225
19 Dec 2024 — Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56. The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.10.56. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unaut... • https://patchstack.com/database/wordpress/plugin/premium-addons-for-elementor/vulnerability/wordpress-premium-addons-for-elementor-plugin-4-10-56-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56062 – WordPress Royal Elementor Addons and Templates plugin <= 1.3.987 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56062
18 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.987. The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.987 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to ... • https://patchstack.com/database/wordpress/plugin/royal-elementor-addons/vulnerability/wordpress-royal-elementor-addons-and-templates-plugin-1-3-987-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56063 – WordPress Essential Addons for Elementor plugin <= 6.0.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56063
18 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 6.0.7. The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve... • https://patchstack.com/database/wordpress/plugin/essential-addons-for-elementor-lite/vulnerability/wordpress-essential-addons-for-elementor-plugin-6-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54443 – WordPress Advanced Data Table For Elementor plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54443
14 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginscafe Advanced Data Table For Elementor allows Stored XSS.This issue affects Advanced Data Table For Elementor: from n/a through 1.0.0. The Advanced Data Table For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contrib... • https://patchstack.com/database/wordpress/plugin/advanced-data-table-for-elementor/vulnerability/wordpress-advanced-data-table-for-elementor-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54278 – WordPress News Ticker for Elementor plugin <= 2.1.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-54278
11 Dec 2024 — Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects News Ticker for Elementor: from n/a through 2.1.3. The News Ticker for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized a... • https://patchstack.com/database/wordpress/plugin/news-ticker-for-elementor/vulnerability/wordpress-news-ticker-for-elementor-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54314 – WordPress Primary Addon for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54314
11 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.6.0. The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access ... • https://patchstack.com/database/wordpress/plugin/primary-addon-for-elementor/vulnerability/wordpress-primary-addon-for-elementor-plugin-1-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54315 – WordPress Events Addon for Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54315
11 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.2. The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access ... • https://patchstack.com/database/wordpress/plugin/events-addon-for-elementor/vulnerability/wordpress-events-addon-for-elementor-plugin-2-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54316 – WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54316
11 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows DOM-Based XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.8. The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker... • https://patchstack.com/database/wordpress/plugin/restaurant-cafe-addon-for-elementor/vulnerability/wordpress-restaurant-cafe-addon-for-elementor-plugin-1-5-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •