
CVE-2024-13564 – Rife Elementor Extensions & Templates <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Shortcode
https://notcve.org/view.php?id=CVE-2024-13564
21 Feb 2025 — The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset/3244081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-5504 – Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget
https://notcve.org/view.php?id=CVE-2024-5504
01 Jul 2024 — The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/rife-elementor-extensions/trunk/includes/elementor/widgets/writing-effect-headline.php#L264 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24265 – Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2021-24265
13 Apr 2021 — The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. • https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')