
CVE-2024-8494 – Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
https://notcve.org/view.php?id=CVE-2024-8494
29 Jan 2025 — The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of Private, Pending, and Draft Templates. The vulnerability was partially patched in version 3.24.4. • https://elementor.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-51812 – WordPress Pro Addons For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51812
08 Nov 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasim Pro Addons For Elementor allows Stored XSS. This issue affects Pro Addons For Elementor: from n/a through 1.5.0. The Pro Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i... • https://patchstack.com/database/vulnerability/pro-addons-for-elementor/wordpress-pro-addons-for-elementor-plugin-1-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-35656 – WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35656
28 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS. This issue affects Elementor Pro: from n/a through 3.21.2. The Elementor Pro plugin for WordPress is vulnerable to Re... • https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-3-21-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-4107 – Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-4107
02 May 2024 — The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. ... • https://doc.clickup.com/9011113249/d/h/8chnb91-5091/3951e6f2afbd388 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-33632 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-33632
25 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1.17. This is due to mis... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-33631 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Authenticated Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33631
25 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. ... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-authenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-33633 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33633
25 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. ... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-33634 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-33634
25 Apr 2024 — Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.17. This makes ... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-unauthenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-33635 – WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Arbitrary Post/Page Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-33635
25 Apr 2024 — Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including,... • https://patchstack.com/database/vulnerability/piotnet-addons-for-elementor-pro/wordpress-piotnet-addons-for-elementor-pro-plugin-7-1-17-unauthenticated-arbitrary-post-page-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-2781 – Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag
https://notcve.org/view.php?id=CVE-2024-2781
26 Mar 2024 — The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. ... • https://github.com/jprx/CVE-2024-27815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •