cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4471,https://securityvulnerability.io/vulnerability/CVE-2024-4471,Vulnerability in 140+ Widgets' Best Addons For Elementor Allows PHP Object Injection,"The 140+ Widgets plugin for Elementor, developed by Best Addons, is susceptible to a PHP Object Injection vulnerability due to improper handling of untrusted data in the 'export_content' function. Affected versions up to and including 1.4.3.1 permit authenticated attackers with contributor-level permissions to manipulate the system through PHP object injection. While the vulnerable plugin does not contain a prevalent object property (POP) chain, an exploit could arise if additional installed plugins or themes create a POP chain. This scenario could enable attackers to delete arbitrary files, access sensitive information, or execute malicious code, posing significant risks to WordPress environments.",Wordpress,140+ Widgets | Best Addons For Elementor – Free,8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-23T12:43:37.717Z,0
CVE-2024-4440,https://securityvulnerability.io/vulnerability/CVE-2024-4440,Stored Cross-Site Scripting Vulnerability in 140+ Widgets for Elementor,"The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,140+ Widgets | Best Addons For Elementor – Free,6.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-05-14T09:33:31.861Z,0
CVE-2024-2250,https://securityvulnerability.io/vulnerability/CVE-2024-2250,Stored Cross-Site Scripting Vulnerability in 130+ Widgets for Elementor,"The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,140+ Widgets | Best Addons For Elementor – Free,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-29T07:31:02.328Z,0