cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3650,https://securityvulnerability.io/vulnerability/CVE-2024-3650,Stored Cross-Site Scripting in ElementsKit Elementor Addons Plugin for WordPress,"The ElementsKit Elementor addons plugin for WordPress suffers from a stored cross-site scripting vulnerability through its Image Accordion widget. This issue arises from inadequate input sanitization and output escaping, permitting authenticated attackers with contributor-level access or higher to inject arbitrary web scripts. When users access affected pages, these scripts can execute, potentially compromising user data and security. This vulnerability impacts all versions from 3.0.7 to 3.1.2, making it essential for site administrators to apply updates and strengthen their security measures to mitigate potential exploits.",Wordpress,Elementskit Elementor Addons And Templates Library,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:25.574Z,0
CVE-2024-3499,https://securityvulnerability.io/vulnerability/CVE-2024-3499,Local File Inclusion Vulnerability in ElementsKit Elementor Addons Plugin for WordPress,"The ElementsKit Elementor addons plugin for WordPress is affected by a Local File Inclusion vulnerability that allows authenticated attackers with contributor-level access and above to exploit the generate_navigation_markup function in the Onepage Scroll module. This flaw enables the inclusion and execution of arbitrary files on the server, potentially leading to unauthorized access to sensitive data or malicious code execution. Allows potential bypassing of access controls and uploads of 'safe' file types like images that can be included and executed.",Wordpress,Elementskit Elementor Addons And Templates Library,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:09.867Z,0