
CVE-2024-13564 – Rife Elementor Extensions & Templates <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Shortcode
https://notcve.org/view.php?id=CVE-2024-13564
21 Feb 2025 — The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset/3244081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-37480 – WordPress Apollo13 Framework Extensions plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37480
04 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.3. ... • https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-5504 – Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget
https://notcve.org/view.php?id=CVE-2024-5504
01 Jul 2024 — The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. ... • https://plugins.trac.wordpress.org/browser/rife-elementor-extensions/trunk/includes/elementor/widgets/writing-effect-headline.php#L264 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35708 – WordPress Rife Free theme <= 2.4.19 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35708
06 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS. This issue affects Rife Free: from n/a through 2.4.19. The Rife Free theme for WordPress is vulnerable to Stored Cross-Site ... • https://patchstack.com/database/vulnerability/rife-free/wordpress-rife-free-theme-2-4-19-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-51539 – WordPress Apollo13 Framework Extensions Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-51539
27 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1. The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing o... • https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-47190 – WordPress Apollo13 Framework Extensions Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47190
03 Nov 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions. The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.9... • https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24265 – Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2021-24265
13 Apr 2021 — The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. • https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')