cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10091,https://securityvulnerability.io/vulnerability/CVE-2024-10091,Stored Cross-Site Scripting Vulnerability in Elementor Addons Plugin,"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Elementskit Elementor Addons,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-26T02:31:30.951Z,0
CVE-2024-8546,https://securityvulnerability.io/vulnerability/CVE-2024-8546,Stored Cross-Site Scripting in ElementsKit Elementor Addons Plugin for WordPress,"The ElementsKit Elementor addons plugin for WordPress is subject to a vulnerability that allows for Stored Cross-Site Scripting through its Video widget. This issue exists in all versions of the plugin from launch to and including version 3.2.7, primarily due to inadequate input sanitization and output escaping mechanisms on attributes provided by users. Authenticated attackers, particularly those with contributor-level access and above, can exploit this vulnerability by injecting arbitrary web scripts within pages. When users access these pages, the malicious scripts are executed, potentially compromising the security and integrity of the site.",Wordpress,Elementskit Elementor Addons,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-09-25T13:15:00.000Z,0
CVE-2024-6455,https://securityvulnerability.io/vulnerability/CVE-2024-6455,Unauthorized Access to Sensitive Data in Elementor Plugin,"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability check on the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items.",Wordpress,Elementskit Elementor Addons,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-18T21:15:00.000Z,0
CVE-2024-3650,https://securityvulnerability.io/vulnerability/CVE-2024-3650,Stored Cross-Site Scripting in ElementsKit Elementor Addons Plugin for WordPress,"The ElementsKit Elementor addons plugin for WordPress suffers from a stored cross-site scripting vulnerability through its Image Accordion widget. This issue arises from inadequate input sanitization and output escaping, permitting authenticated attackers with contributor-level access or higher to inject arbitrary web scripts. When users access affected pages, these scripts can execute, potentially compromising user data and security. This vulnerability impacts all versions from 3.0.7 to 3.1.2, making it essential for site administrators to apply updates and strengthen their security measures to mitigate potential exploits.",Wordpress,Elementskit Elementor Addons And Templates Library,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:25.574Z,0
CVE-2024-3499,https://securityvulnerability.io/vulnerability/CVE-2024-3499,Local File Inclusion Vulnerability in ElementsKit Elementor Addons Plugin for WordPress,"The ElementsKit Elementor addons plugin for WordPress is affected by a Local File Inclusion vulnerability that allows authenticated attackers with contributor-level access and above to exploit the generate_navigation_markup function in the Onepage Scroll module. This flaw enables the inclusion and execution of arbitrary files on the server, potentially leading to unauthorized access to sensitive data or malicious code execution. This allows potential bypassing of access controls and uploads of 'safe' file types like images that can be included and executed.",Wordpress,Elementskit Elementor Addons And Templates Library,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:09.867Z,0
CVE-2024-1238,https://securityvulnerability.io/vulnerability/CVE-2024-1238,Stored Cross-Site Scripting Vulnerability in Elementor Addons Plugin,"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Elementskit Elementor Addons,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-30T04:31:10.192Z,0
CVE-2024-2047,https://securityvulnerability.io/vulnerability/CVE-2024-2047,Arbitrary File Inclusion Vulnerability in ElementsKit Elementor Addons Plugin,"The ElementsKit Elementor addons plugin for WordPress is affected by a Local File Inclusion vulnerability that allows authenticated users with contributor-level access and above to include and execute arbitrary files on the server. This flaw is found in all versions up to and including 3.0.6, specifically through the 'render_raw' function. By exploiting this vulnerability, attackers can bypass access controls, execute arbitrary PHP code, and potentially expose sensitive data. The ability to upload and include what are perceived as safe file types, like images, further exacerbates the risk, making it essential for users to secure their installations against this vulnerability.",Wordpress,Elementskit Elementor Addons,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-30T04:31:07.657Z,0
CVE-2023-6525,https://securityvulnerability.io/vulnerability/CVE-2023-6525,Stored Cross-Site Scripting Vulnerability Affects ElementsKit Elementor Addons Plugin,"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Elementskit Elementor Addons,4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-03-16T02:34:28.155Z,0
CVE-2024-2042,https://securityvulnerability.io/vulnerability/CVE-2024-2042,Stored Cross-Site Scripting Vulnerability in Elementor Addons Plugin,"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Elementskit Elementor Addons,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-03-16T02:34:27.645Z,0
CVE-2024-1239,https://securityvulnerability.io/vulnerability/CVE-2024-1239,Stored Cross-Site Scripting Vulnerability in Elementor Addons Plugin,"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Elementskit Elementor Addons,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-16T02:34:26.986Z,0
CVE-2023-6582,https://securityvulnerability.io/vulnerability/CVE-2023-6582,Sensitive Information Exposure in ElementsKit Elementor Addons Plugin for WordPress,"The ElementsKit Elementor addons plugin for WordPress is affected by a vulnerability that enables unauthorized users to access sensitive information. Specifically, the flaw exists in the ekit_widgetarea_content function, which allows unauthenticated attackers to retrieve the contents of posts in draft, private, or pending review statuses. This exposure pertains solely to posts created using the Elementor page builder, thereby compromising the confidentiality of unpublished content that should remain hidden from public view.",Wordpress,ElementsKit Elementor addons,5.3,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2024-01-11T08:33:11.987Z,0