cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2024-12059,https://securityvulnerability.io/vulnerability/CVE-2024-12059,Vulnerability in ElementInvader Addons for Elementor Exposes Arbitrary Options,"The ElementInvader Addons for Elementor plugin for WordPress is susceptible to a vulnerability that allows authenticated attackers with Contributor-level access or higher to exploit the el_option_value shortcode. This flaw enables them to extract arbitrary data from the wp_options table, potentially compromising sensitive information stored within the WordPress site. It is crucial for users of this plugin to implement security measures and apply necessary updates to safeguard against potential exploitation.",Wordpress,Elementinvader Addons For Elementor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-12T05:24:24.715Z,0 CVE-2024-9889,https://securityvulnerability.io/vulnerability/CVE-2024-9889,Private Content Exposure Vulnerability in ElementInvader Addons for Elementor,"The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to.",Wordpress,Elementinvader Addons For Elementor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-19T06:42:02.835Z,0 CVE-2024-9888,https://securityvulnerability.io/vulnerability/CVE-2024-9888,Stored Cross-Site Scripting Vulnerability in Elementor Plugin,"The ElementInvader Addons for Elementor plugin for WordPress presents a Stored Cross-Site Scripting vulnerability that arises from inadequate input sanitization and output escaping on user-supplied attributes, particularly within the plugin's contact form widget redirect URL. This flaw enables authenticated users with a contributor-level access or higher to insert arbitrary web scripts into pages. Such scripts execute whenever a user accesses these modified pages, potentially leading to unauthorized actions and breaches of user data security. Mitigation strategies include ensuring proper input validation and output encoding to prevent script injection.",Wordpress,Elementinvader Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-16T05:31:56.677Z,0 CVE-2024-2308,https://securityvulnerability.io/vulnerability/CVE-2024-2308,Stored Cross-Site Scripting Vulnerability in ElementInvader Addons for Elementor,"The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Elementinvader Addons For Elementor,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-16T01:55:43.573Z,0