CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54338 – WordPress Hello Event Widgets For Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54338
11 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christer Fernstrom Hello Event Widgets For Elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through 1.0.2. The Hello Event Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/wordpress/plugin/hello-event-widgets-for-elementor/vulnerability/wordpress-hello-event-widgets-for-elementor-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54228 – WordPress Wot Elementor Widgets plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54228
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebOccult Technologies Pvt Ltd Wot Elementor Widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through 1.0.1. The Wot Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acc... • https://patchstack.com/database/wordpress/plugin/wot-elementor-widgets/vulnerability/wordpress-wot-elementor-widgets-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54230 – WordPress Unlock Addons for Elementor plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54230
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPRealizer Unlock Addons for Elementor allows DOM-Based XSS.This issue affects Unlock Addons for Elementor: from n/a through 1.0.0. The Unlock Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces... • https://patchstack.com/database/wordpress/plugin/unlock-addons-for-elementor/vulnerability/wordpress-unlock-addons-for-elementor-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54232 – WordPress RRAddons for Elementor plugin <= 1.1.0 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54232
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rrdevs RRAddons for Elementor allows Stored XSS.This issue affects RRAddons for Elementor: from n/a through 1.1.0. The RRAddons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject... • https://patchstack.com/database/wordpress/plugin/rrdevs-for-elementor/vulnerability/wordpress-rraddons-for-elementor-plugin-1-1-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54253 – WordPress Xpro Addons For Elementor plugin <= 1.4.6.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54253
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.6.1. The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve... • https://patchstack.com/database/wordpress/plugin/xpro-elementor-addons/vulnerability/wordpress-xpro-addons-for-elementor-plugin-1-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54260 – WordPress News Kit Elementor Addons plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54260
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlazeThemes News Kit Elementor Addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through 1.2.2. The News Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an... • https://patchstack.com/database/wordpress/plugin/news-kit-elementor-addons/vulnerability/wordpress-news-kit-elementor-addons-plugin-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53796 – WordPress Themesflat Addons For Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-53796
02 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2. The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor... • https://patchstack.com/database/wordpress/plugin/themesflat-addons-for-elementor/vulnerability/wordpress-themesflat-addons-for-elementor-plugin-2-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53823 – WordPress The Plus Addons for Elementor plugin <= 5.6.14 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-53823
02 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14. The The Plus Addons for Elementor Page Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.6.14 due to insufficient input sanitization and output escaping. This makes it possib... • https://patchstack.com/database/wordpress/plugin/the-plus-addons-for-elementor-page-builder/vulnerability/wordpress-the-plus-addons-for-elementor-plugin-5-6-14-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53816 – WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-53816
02 Dec 2024 — Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5. The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform a dependency plugin install. • https://patchstack.com/database/wordpress/plugin/tutor-lms-elementor-addons/vulnerability/wordpress-tutor-lms-elementor-addons-plugin-2-1-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54212 – WordPress Magical Addons For Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54212
02 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6. The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access... • https://patchstack.com/database/wordpress/plugin/magical-addons-for-elementor/vulnerability/wordpress-magical-addons-for-elementor-plugin-1-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •