CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34432 – WordPress Better Elementor Addons plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34432
07 May 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.4.4. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en BetterAddons Better Elementor Addons best-elementor-addons permite almacenar XSS. Este problema afecta a Better Elementor Addons: desde n/a ... • https://patchstack.com/database/vulnerability/better-elementor-addons/wordpress-better-elementor-addons-plugin-1-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-33541 – WordPress Better Elementor Addons plugin <= 1.4.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-33541
25 Apr 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through 1.4.1. Limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en BetterAddons Better Elementor Addons permite la inclusión de archivos locales PHP. Este problema afecta a Better Elementor Addons: desde n/a hasta 1.4.1. The Better El... • https://patchstack.com/database/vulnerability/better-elementor-addons/wordpress-better-elementor-addons-plugin-1-4-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30423 – WordPress Better Elementor Addons plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30423
28 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.3.7. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en BetterAddons Better Elementor Addons permite XSS almacenado. Este problema afecta a Better Elementor Addons: desde n/a hasta 1.3.7. The Better Elementor Addons plug... • https://patchstack.com/database/vulnerability/better-elementor-addons/wordpress-better-elementor-addons-plugin-1-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2280 – Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links
https://notcve.org/view.php?id=CVE-2024-2280
28 Mar 2024 — The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Better Elementor Addons de WordPress es vu... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3060565%40better-elementor-addons&new=3060565%40better-elementor-addons&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41656 – Better Elementor Addons <= 1.3.8 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-41656
01 Sep 2023 — The Better Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bea_admin_ajax() function hooked via an AJAX action in versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to save and reset the plugin's settings. • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 425EXPL: 0CVE-2022-4974 – Freemius SDK <= 2.4.2 - Missing Authorization Checks
https://notcve.org/view.php?id=CVE-2022-4974
04 Mar 2022 — The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. • https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=cve • CWE-862: Missing Authorization •