CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22315 – WordPress Typing Text plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22315
07 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.7. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en WPDeveloper Typing Text permite XSS almacenado. Este problema afecta a Typing Text: desde n/a hasta 1.2.7. • https://patchstack.com/database/wordpress/plugin/typing-text/vulnerability/wordpress-typing-text-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51360 – WordPress Essential Blocks plugin <= 4.2.0 - Multiple Subscriber+ Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51360
09 Dec 2024 — Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. • https://patchstack.com/database/wordpress/plugin/essential-blocks/vulnerability/wordpress-essential-blocks-plugin-4-2-0-multiple-subscriber-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5058 – WordPress Typing Text plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-5058
19 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.5. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en WPDeveloper Typing Text permite XSS Almacenado. Este problema afecta a Typing Text: desde n/a hasta 1.2.5. The Typing Text plugin for WordPress is vulnerable to Stored Cross... • https://patchstack.com/database/vulnerability/typing-text/wordpress-typing-text-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5188 – Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-5188
05 Jun 2024 — The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. ... • https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Event_Calendar.php#L3255 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5571 – EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget
https://notcve.org/view.php?id=CVE-2024-5571
04 Jun 2024 — The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitra... • https://plugins.trac.wordpress.org/browser/embedpress/tags/4.0.0/EmbedPress/Elementor/Widgets/Embedpress_Pdf.php#L690 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31284 – WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31284
05 Apr 2024 — Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8. Vulnerabilidad de autorización faltante en WPDeveloper EmbedPress. Este problema afecta a EmbedPress: desde n/a hasta 3.9.8. The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handle_calendly_data() function in versions up to, and including, 3.9.8. This makes it possible for unauthenticated attackers to update calendly settings. • https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-3-9-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0954 – Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-0954
01 Feb 2024 — The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will exe... • https://plugins.trac.wordpress.org/changeset/3029928/essential-addons-for-elementor-lite/tags/5.9.8/assets/front-end/js/view/wrapper-link.js • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0585 – Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image URl
https://notcve.org/view.php?id=CVE-2024-0585
17 Jan 2024 — The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an... • https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Filterable_Gallery.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0586 – Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scritping
https://notcve.org/view.php?id=CVE-2024-0586
17 Jan 2024 — The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an inje... • https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Login_Register.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7071 – Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-7071
09 Jan 2024 — The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Essential Blocks – Page B... • https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/blocks/TableOfContents.php#L138 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •