cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8978,https://securityvulnerability.io/vulnerability/CVE-2024-8978,Sensitive Information Exposure Vulnerability Affects Elementor Users,"The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, as long as that user opens the email notification for successful registration.",Wordpress,"Essential Addons For Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders",5.7,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2024-11-15T09:29:39.946Z,0
CVE-2024-8979,https://securityvulnerability.io/vulnerability/CVE-2024-8979,Sensitive Information Exposure Risk in Elementor Addon,"The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client.",Wordpress,"Essential Addons For Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders",5.7,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2024-11-15T09:29:39.230Z,0
CVE-2024-8961,https://securityvulnerability.io/vulnerability/CVE-2024-8961,Stored Cross-Site Scripting Vulnerability in Elementor Addon,"The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-11-15T06:48:03.358Z,0
CVE-2021-4447,https://securityvulnerability.io/vulnerability/CVE-2021-4447,Privilege Escalation Vulnerability in Elementor Page Builder,"The Essential Addons for Elementor plugin for WordPress contains a vulnerability that allows privilege escalation due to insufficient restrictions on adding custom registration forms and roles. Versions up to and including 4.6.4 are affected, enabling attackers with access to the Elementor page builder to create a new registration form. This form can be manipulated to set the default user role to administrator, allowing unauthorized users to register with elevated privileges, thereby compromising the site's security. It is critical for users of the affected versions to apply patches and updates promptly to mitigate potential risks.",Wordpress,"Essential Addons For Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-16T06:43:42.210Z,0
CVE-2021-4446,https://securityvulnerability.io/vulnerability/CVE-2021-4446,Authorization Bypass Vulnerability in Elementor Essential Addons,"The Essential Addons for Elementor plugin for WordPress has a vulnerability that allows authenticated users, even those with minimal permissions such as a subscriber, to bypass authorization checks. This issue arises from missing capability checks and nonce disclosure, enabling unauthorized actions such as changing plugin settings and installing arbitrary plugins. Affected versions include those up to and including 4.6.4, highlighting the importance of maintaining up-to-date plugins to mitigate security risks.",Wordpress,"Essential Addons For Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-16T06:43:25.787Z,0
CVE-2024-8742,https://securityvulnerability.io/vulnerability/CVE-2024-8742,Elementor Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping of user-supplied attributes within the Filterable Gallery widget. This vulnerability allows authenticated attackers, who possess contributor-level access or higher, to inject arbitrary web scripts into pages. As a result, these injected scripts can execute whenever a user visits the affected page, potentially compromising the security of users visiting the site.",Wordpress,"Essential Addons For Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-09-13T06:47:28.798Z,0
CVE-2024-8440,https://securityvulnerability.io/vulnerability/CVE-2024-8440,Elementor Plugin Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-09-11T06:42:25.138Z,0
CVE-2024-7092,https://securityvulnerability.io/vulnerability/CVE-2024-7092,Stored Cross-Site Scripting Vulnerability in Elementor Templates,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2024-08-13T04:29:10.738Z,0
CVE-2024-5189,https://securityvulnerability.io/vulnerability/CVE-2024-5189,Elementor Plugin Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-06-11T13:54:00.315Z,0
CVE-2024-5188,https://securityvulnerability.io/vulnerability/CVE-2024-5188,Elementor Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-06-06T11:03:03.438Z,0
CVE-2024-5073,https://securityvulnerability.io/vulnerability/CVE-2024-5073,Elementor Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-05-30T06:48:08.882Z,0
CVE-2024-4448,https://securityvulnerability.io/vulnerability/CVE-2024-4448,Elementor Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-05-14T15:43:00.000Z,0
CVE-2024-4275,https://securityvulnerability.io/vulnerability/CVE-2024-4275,Elementor Plugin Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T15:43:00.000Z,0
CVE-2024-4449,https://securityvulnerability.io/vulnerability/CVE-2024-4449,Elementor Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T15:43:00.000Z,0
CVE-2024-4624,https://securityvulnerability.io/vulnerability/CVE-2024-4624,Elementor Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugins for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’ parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-14T11:33:10.571Z,0
CVE-2024-3728,https://securityvulnerability.io/vulnerability/CVE-2024-3728,Stored Cross-Site Scripting Vulnerability in Essential Addons for Elementor Plugin,"The Essential Addons for Elementor plugin allows for stored cross-site scripting via its Filterable Gallery and Interactive Circle widgets due to a lack of proper input sanitization and output escaping on user-supplied attributes. Authenticated attackers with contributor-level access or higher can exploit this vulnerability to inject malicious scripts into pages. These scripts execute when a user visits the affected page, potentially compromising user data and site integrity.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:53.633Z,0
CVE-2024-4156,https://securityvulnerability.io/vulnerability/CVE-2024-4156,Stored Cross-Site Scripting Vulnerability in Essential Addons for Elementor Plugin,"The Essential Addons for Elementor plugin for WordPress is affected by a stored cross-site scripting vulnerability. This issue arises from insufficient input sanitization and output escaping in the 'eael_event_text_color' parameter. Authenticated attackers with contributor-level permissions or higher can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts will execute when any user accesses the compromised page, posing a significant risk to website security and data integrity.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-02T16:51:52.490Z,0
CVE-2024-4003,https://securityvulnerability.io/vulnerability/CVE-2024-4003,Stored Cross-Site Scripting in Essential Addons for Elementor by WP,"The Essential Addons for Elementor plugin, used for building advanced designs on WordPress sites, is susceptible to a Stored Cross-Site Scripting vulnerability. This issue arises in the Team Members widget, specifically through the eael_team_members_image_rounded parameter. Due to inadequate input sanitization and output escaping in all versions up to and including 5.9.15, authenticated attackers with contributor access and higher can exploit this flaw to inject malicious web scripts. The injected scripts may execute whenever a user accesses compromised pages, potentially leading to data theft, session hijacking, or further site exploitation.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:51.058Z,0
CVE-2024-3733,https://securityvulnerability.io/vulnerability/CVE-2024-3733,Elementor Vulnerability Exposes Private Posts to Unauthorized Access,"The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-25T08:29:00.282Z,0
CVE-2024-3333,https://securityvulnerability.io/vulnerability/CVE-2024-3333,Essential Addons for Elementor Plugin Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-17T11:34:23.338Z,0
CVE-2024-2623,https://securityvulnerability.io/vulnerability/CVE-2024-2623,Elementor Plugin Vulnerable to Stored Cross-Site Scripting,"The Essential Addons for Elementor plugin for WordPress is prone to a Stored Cross-Site Scripting vulnerability through the countdown widget's message parameter, affecting all versions up to and including 5.9.11. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with contributor-level access or higher to inject arbitrary web scripts. Such scripts can execute whenever a user accesses a compromised page, potentially leading to unauthorized actions or data exposure.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:17.215Z,0
CVE-2024-2974,https://securityvulnerability.io/vulnerability/CVE-2024-2974,Sensitive Information Exposure in Essential Addons for Elementor by WordPress,"The Essential Addons for Elementor plugin for WordPress is susceptible to a vulnerability that allows unauthenticated attackers to exploit the load_more function. This flaw can potentially expose sensitive information, including private and draft posts, to malicious individuals, posing a serious risk for website owners relying on the plugin for design and functionality.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:59:00.562Z,0
CVE-2024-2650,https://securityvulnerability.io/vulnerability/CVE-2024-2650,Stored Cross-Site Scripting in Essential Addons for Elementor,"The Essential Addons for Elementor plugin, widely used for creating custom templates and enhancing WooCommerce functionality within WordPress, is susceptible to Stored Cross-Site Scripting. This vulnerability arises from inadequate sanitization of user inputs via the alignment parameter in the Woo Product Carousel widget. As a result, authenticated users with contributor-level access or higher can insert malicious scripts into web pages, leading to potential exploitation when other users visit the affected pages. This situation emphasizes the necessity for stringent input validation and output escaping to safeguard against such vulnerabilities.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:56.390Z,0
CVE-2024-3018,https://securityvulnerability.io/vulnerability/CVE-2024-3018,Elementor Plugin Vulnerable to PHP Object Injection,"The Essential Addons for Elementor plugin, utilized in WordPress environments, is susceptible to a PHP Object Injection vulnerability that affects all versions up to and including 5.9.13. The issue arises from the insecure deserialization of untrusted input within the 'error_resetpassword' attribute in the 'Login | Register Form' widget, which is disabled by default. Authenticated attackers with author-level access can exploit this vulnerability to inject a malicious PHP object. If a vulnerable chain of PHP Object Pop (POP) is present due to additional plugins or themes, potential consequences include the ability to delete arbitrary system files, leak sensitive information, or execute unauthorized code, further compromising the target system's security.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-30T11:17:25.675Z,0
CVE-2024-1537,https://securityvulnerability.io/vulnerability/CVE-2024-1537,Stored Cross-Site Scripting Vulnerability in Essential Addons for Elementor Plugin,"The Essential Addons for Elementor plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through its Data Table widget across all versions up to 5.9.9. This flaw arises from inadequate input sanitization and output escaping for user-supplied attributes, enabling authenticated attackers with contributor-level privileges or higher to inject arbitrary scripts into pages. These scripts execute when users access the compromised pages, potentially compromising user data and site integrity.",Wordpress,"Essential Addons For Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:26:59.753Z,0