CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2252 – Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2252
07 Mar 2024 — The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes such as URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected... • https://wordpress.org/plugins/droit-elementor-addons • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22136 – WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22136
08 Jan 2024 — Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder. Este problema afecta a los complementos de Droit Elementor Addons – Widgets, Blocks, Templa... • https://patchstack.com/database/vulnerability/droit-elementor-addons/wordpress-droit-elementor-addons-plugin-3-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •