cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12851,https://securityvulnerability.io/vulnerability/CVE-2024-12851,Stored Cross-Site Scripting Vulnerability in Element Pack Elementor Addons for WordPress,"The Element Pack Elementor Addons plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) via the custom_attributes parameter of the Cookie Consent Widget. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level privileges or higher to inject malicious scripts. The injected scripts execute when users visit compromised pages, potentially leading to unauthorized actions and data theft.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid, Carousel And Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-08T06:41:37.636Z,0
CVE-2024-9058,https://securityvulnerability.io/vulnerability/CVE-2024-9058,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid, Carousel And Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-03T06:50:54.098Z,0
CVE-2024-10980,https://securityvulnerability.io/vulnerability/CVE-2024-10980,Stored Cross-Site Scripting Vulnerability in Elementor Addons for WordPress,"CVE-2024-10980 is a vulnerability in the Element Pack Elementor Addons plugin for WordPress, affecting versions prior to 5.10.3. This vulnerability arises from the improper validation and escaping of specific Cookie Consent block options before they are rendered on a page or post. As a result, it enables users with contributor roles or higher to execute Stored Cross-Site Scripting (XSS) attacks. This could allow attackers to inject malicious scripts into pages visited by users, compromising site integrity and user data. Website administrators are strongly advised to update to the latest version to mitigate any potential risks associated with this vulnerability.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid, Carousel And Remote Arrows)",,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-11-29T06:00:07.501Z,0
CVE-2024-10493,https://securityvulnerability.io/vulnerability/CVE-2024-10493,Cross-Site Scripting Vulnerability in Elementor Addons for WordPress,"CVE-2024-10493 is a critical Cross-Site Scripting (XSS) vulnerability found in the Element Pack Elementor Addons plugin for WordPress, specifically affecting versions before 5.10.3. The flaw arises from improper validation and escaping of certain block option outputs, which can allow users with contributor roles and higher to inject malicious scripts into web pages. As a result, an attacker can leverage this vulnerability to execute stored XSS attacks, potentially compromising the security of affected WordPress sites and their users. Immediate action is recommended to upgrade to the latest version to safeguard against such threats.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-11-28T06:00:07.715Z,0
CVE-2024-9867,https://securityvulnerability.io/vulnerability/CVE-2024-9867,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-05T11:32:21.953Z,0
CVE-2024-9657,https://securityvulnerability.io/vulnerability/CVE-2024-9657,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2024-11-05T11:32:21.044Z,0
CVE-2024-10310,https://securityvulnerability.io/vulnerability/CVE-2024-10310,Stored XSS Vulnerability in Elementor Addons,"The Element Pack Elementor Addons plugin for WordPress contains a Stored Cross-Site Scripting vulnerability due to inadequate sanitization of user input in its Custom Gallery Widget. Specifically, the 'image_title' parameter lacks proper input validation and output escaping, allowing authenticated attackers with Contributor-level access or greater to inject malicious scripts. These scripts will execute when users access affected pages, potentially compromising site security and user data. It is crucial for users of this plugin to apply security best practices and update to the latest version to mitigate risks.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-02T02:15:00.000Z,0
CVE-2024-9868,https://securityvulnerability.io/vulnerability/CVE-2024-9868,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-02T02:15:00.000Z,0
CVE-2024-7247,https://securityvulnerability.io/vulnerability/CVE-2024-7247,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2024-08-13T05:30:55.306Z,0
CVE-2024-4360,https://securityvulnerability.io/vulnerability/CVE-2024-4360,Stored Cross-Site Scripting Vulnerability Affects Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-4359,https://securityvulnerability.io/vulnerability/CVE-2024-4359,Arbitrary File Read Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-5555,https://securityvulnerability.io/vulnerability/CVE-2024-5555,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-18T08:33:04.083Z,0
CVE-2024-5554,https://securityvulnerability.io/vulnerability/CVE-2024-5554,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclick_event’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-18T08:33:03.009Z,0
CVE-2024-3925,https://securityvulnerability.io/vulnerability/CVE-2024-3925,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-12T07:32:52.972Z,0
CVE-2024-3927,https://securityvulnerability.io/vulnerability/CVE-2024-3927,Unauthenticated Attackers Can Bypass Contact Form Restriction in Element Pack Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrator's emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-22T06:50:33.584Z,0
CVE-2024-1429,https://securityvulnerability.io/vulnerability/CVE-2024-1429,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-18T04:32:59.225Z,0
CVE-2024-1426,https://securityvulnerability.io/vulnerability/CVE-2024-1426,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute of the Price List widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-18T04:32:58.633Z,0
CVE-2024-2966,https://securityvulnerability.io/vulnerability/CVE-2024-2966,Sensitive Information Exposure in Elementor Addons,"The Element Pack Elementor Addons plugin for WordPress is susceptible to a vulnerability that allows unauthenticated attackers to access sensitive information. This issue arises from the element_pack_ajax_search function, which can be exploited to retrieve confidential data, including details of password-protected posts. The vulnerability affects all versions of the plugin up to and including version 5.5.6, highlighting the importance of updating to secure user data against potential threats.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",7.5,HIGH,0.0007999999797903001,false,,false,false,false,,false,false,2024-04-11T07:31:36.278Z,0
CVE-2024-0837,https://securityvulnerability.io/vulnerability/CVE-2024-0837,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-06T08:15:00.000Z,0
CVE-2024-1428,https://securityvulnerability.io/vulnerability/CVE-2024-1428,Stored Cross-Site Scripting Vulnerability in Elementor Addons,"The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘element_pack_wrapper_link’ attribute of the Trailer Box widget in all versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Element Pack Elementor Addons (header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-04-06T08:15:00.000Z,0