CVE-2024-35656 – WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35656
28 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS. This issue affects Elementor Pro: from n/a through 3.21.2. The Elementor Pro plugin for WordPress is vulnerable to Re... • https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-3-21-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23523 – WordPress Elementor Pro plugin <= 3.19.2 - Contributor+ Arbitrary User Meta Data Retrieval vulnerability
https://notcve.org/view.php?id=CVE-2024-23523
26 Feb 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro. This issue affects Elementor Pro: from n/a through 3.19.2. The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.2. This makes it possible for authenticated attackers... • https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-19-2-contributor-arbitrary-user-meta-data-retrieval-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-35050 – WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-35050
20 Jun 2023 — Missing Authorization vulnerability in Elementor Elementor Pro. This issue affects Elementor Pro: from n/a through 3.13.0. The Elementor Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.13.0. This makes it possible for authenticate... • https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-13-0-subscriber-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-3124 – Elementor Pro <= 3.11.6 - Authenticated (Subscriber+) Privilege Escalation via update_page_option
https://notcve.org/view.php?id=CVE-2023-3124
28 Mar 2023 — The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation. • https://github.com/AmirWhiteHat/CVE-2023-3124 • CWE-862: Missing Authorization
CVE-2020-26596 – Elementor Pro <= 3.0.5 - Authenticated Remote Code Execution in Dynamic OOO Widget
https://notcve.org/view.php?id=CVE-2020-26596
06 Oct 2020 — The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role. • https://elementor.com/pro/changelog • CWE-269: Improper Privilege Management