NotCVE - vendor:"Ultimate Store Kit"

7 results (0.002 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-39588 – WordPress Ultimate Store Kit Elementor Addons <= 2.4.0 - Deserialization of untrusted data Vulnerability

https://notcve.org/view.php?id=CVE-2025-39588

17 Apr 2025 — Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0. The Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Ob... • https://patchstack.com/database/wordpress/plugin/ultimate-store-kit/vulnerability/wordpress-ultimate-store-kit-elementor-addons-2-4-0-deserialization-of-untrusted-data-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-32184 – WordPress Ultimate Store Kit Elementor Addons plugin <= 2.4.0 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-32184

04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0. The Ultimate Store Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with con... • https://patchstack.com/database/wordpress/plugin/ultimate-store-kit/vulnerability/wordpress-ultimate-store-kit-elementor-addons-plugin-2-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-24584 – WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2025-24584

19 Dec 2024 — Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0. The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to... • https://patchstack.com/database/wordpress/plugin/ultimate-store-kit/vulnerability/wordpress-ultimate-store-kit-elementor-addons-plugin-2-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-47629 – WordPress Ultimate Store Kit Elementor Addons plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-47629

30 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.5. The Ultimate Store Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/vulnerability/ultimate-store-kit/wordpress-ultimate-store-kit-elementor-addons-plugin-2-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43342 – WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-43342

16 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4. The Ultimate Store Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/vulnerability/ultimate-store-kit/wordpress-ultimate-store-kit-elementor-addons-woocommerce-builder-edd-builder-elementor-store-builder-product-grid-product-table-woocommerce-slider-plugin-1-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-4606 – WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-4606

07 May 2024 — Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.2. Deserialización de vulnerabilidad de datos no confiables en BdThemes Ultimate Store Kit Elementor Addons. Este problema afecta a los complementos Ultimate Store Kit Elementor: desde n/a hasta 1.6.2. Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Ele... • https://patchstack.com/database/vulnerability/ultimate-store-kit/wordpress-ultimate-store-kit-elementor-addons-woocommerce-builder-edd-builder-plugin-1-6-2-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-31357 – WordPress Ultimate Store Kit Elementor Addons plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-31357

08 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2. Se ha encontrado una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site Scripting') en BdThemes Ultimate Store Kit Elementor Addons de WordPress permite XSS almacenado. Este problema afecta a Ultimate Store Kit... • https://patchstack.com/database/vulnerability/ultimate-store-kit/wordpress-ultimate-store-kit-elementor-addons-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •