NotCVE - vendor:"Elfsight"

7 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-31584 – WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2025-31584

31 Mar 2025 — Missing Authorization vulnerability in elfsight Elfsight Testimonials Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elfsight Testimonials Slider: from n/a through 1.0.1. The WordPress Testimonials Slider plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform a... • https://patchstack.com/database/wordpress/plugin/elfsight-testimonials-slider/vulnerability/wordpress-elfsight-testimonials-slider-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-31587 – WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-31587

31 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elfsight Elfsight Testimonials Slider allows Stored XSS. This issue affects Elfsight Testimonials Slider: from n/a through 1.0.1. The Elfsight Testimonials Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acce... • https://patchstack.com/database/wordpress/plugin/elfsight-testimonials-slider/vulnerability/wordpress-elfsight-testimonials-slider-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-31588 – WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

https://notcve.org/view.php?id=CVE-2025-31588

31 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in elfsight Elfsight Testimonials Slider allows Cross Site Request Forgery. This issue affects Elfsight Testimonials Slider: from n/a through 1.0.1. The WordPress Testimonials Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings granted they can t... • https://patchstack.com/database/wordpress/plugin/elfsight-testimonials-slider/vulnerability/wordpress-elfsight-testimonials-slider-plugin-1-0-1-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-10390 – Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2024-10390

18 Nov 2024 — The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://codecanyon.net/item/elfsight-telegram-chat/25288599 • CWE-862: Missing Authorization •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-4100 – Pricing Table <= 2.0.1 - Cross-Site Request Forgery via ajax()

https://notcve.org/view.php?id=CVE-2024-4100

08 Jul 2024 — The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety of actions related to managing pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Pricing Table para WordPress es vulnerable a Cross-Si... • https://plugins.trac.wordpress.org/browser/elfsight-pricing-table/trunk/core/includes/widgets-api.php#L71 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-4102 – Pricing Table <= 2.0.1 - Missing Authorization

https://notcve.org/view.php?id=CVE-2024-4102

08 Jul 2024 — The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions like editing pricing tables. El complemento Pricing Table para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función ajax() en todas l... • https://plugins.trac.wordpress.org/browser/elfsight-pricing-table/trunk/core/includes/widgets-api.php#L71 • CWE-862: Missing Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2016-11005 – Elfsight Instagram Widget – Instagram Gallery < 1.1.2 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2016-11005

07 Feb 2016 — The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. El plugin instalinker versiones anteriores a 1.1.2 para WordPress, presenta una vulnerabilidad de tipo XSS de includes/instalinker-admin-preview.php?client_id=. • https://rastating.github.io/instalinker-reflected-xss-information-disclosure • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •