cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10312,https://securityvulnerability.io/vulnerability/CVE-2024-10312,Sensitive Information Exposure in Elementor Plugin,"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.",Wordpress,Exclusive Addons For Elementor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-29T07:30:55.243Z,0
CVE-2024-5332,https://securityvulnerability.io/vulnerability/CVE-2024-5332,Stored Cross-Site Scripting Vulnerability in Elementor Plugin,"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-26T05:40:24.171Z,0
CVE-2024-4618,https://securityvulnerability.io/vulnerability/CVE-2024-4618,Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor Plugin,"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-05-15T01:56:53.841Z,0
CVE-2024-2751,https://securityvulnerability.io/vulnerability/CVE-2024-2751,Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor Plugin,"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘exad_infobox_animating_mask_style’ parameter in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:49.617Z,0
CVE-2024-3489,https://securityvulnerability.io/vulnerability/CVE-2024-3489,Reflected Cross-Site Scripting in Exclusive Addons for Elementor Plugin by WordPress,"The Exclusive Addons for Elementor plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping methods in the Countdown Expired Title feature. This vulnerability allows unauthenticated attackers to inject malicious web scripts into pages, which can be executed if a user unwittingly clicks on a crafted link, potentially compromising user security and data integrity.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:14.525Z,0
CVE-2024-2750,https://securityvulnerability.io/vulnerability/CVE-2024-2750,Stored Cross-Site Scripting in Exclusive Addons for Elementor Plugin by WordPress,"The Exclusive Addons for Elementor plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping. This flaw affects all versions up to and including 2.6.9.3, allowing authenticated attackers with contributor access or higher to inject arbitrary web scripts through the URL attribute of the Button widget. Consequently, any user who accesses the compromised page may unknowingly execute these scripts, exposing them to various security risks.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:56.433Z,0
CVE-2024-2503,https://securityvulnerability.io/vulnerability/CVE-2024-2503,Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor by WordPress,"The Exclusive Addons for Elementor plugin for WordPress suffers from a Stored Cross-Site Scripting (XSS) vulnerability through its Post Grid Widget. This issue arises from inadequate input sanitization and output escaping, enabling authenticated attackers with contributor-level access to inject malicious web scripts. The injected scripts execute on pages affected by this vulnerability when accessed by users, potentially compromising their data and session information.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-05-02T16:51:54.571Z,0
CVE-2024-3985,https://securityvulnerability.io/vulnerability/CVE-2024-3985,Stored Cross-Site Scripting in Exclusive Addons for Elementor Plugin by WordPress,"The Exclusive Addons for Elementor plugin allows authenticated attackers, with contributor-level access or higher, to exploit a Stored Cross-Site Scripting vulnerability through the Call to Action widget. This occurs due to inadequate input sanitization and output escaping on user-supplied attributes, enabling the injection of arbitrary web scripts. The malicious scripts are executed whenever a user accesses an affected page, potentially compromising user data and site integrity.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:52.006Z,0
CVE-2024-1413,https://securityvulnerability.io/vulnerability/CVE-2024-1413,Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor Plugin,"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:25.197Z,0
CVE-2024-2028,https://securityvulnerability.io/vulnerability/CVE-2024-2028,Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor Plugin,"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:17.490Z,0
CVE-2024-1414,https://securityvulnerability.io/vulnerability/CVE-2024-1414,Stored Cross-Site Scripting in Exclusive Addons for Elementor Plugin by WordPress,"The Exclusive Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting attacks through the Call To Action widget. This vulnerability arises due to inadequate input sanitization and output escaping, allowing authenticated attackers with a contributor-level role or higher to inject malicious scripts. These scripts may execute when users access pages that have been compromised, potentially leading to unauthorized actions or data disclosure.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:26:55.395Z,0
CVE-2024-1234,https://securityvulnerability.io/vulnerability/CVE-2024-1234,Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor Plugin by WordPress,"The Exclusive Addons for Elementor plugin for WordPress suffers from a vulnerability that allows authenticated attackers with contributor access or higher to perform Stored Cross-Site Scripting. This issue arises from inadequate input sanitization and output escaping within the plugin, specifically through the manipulation of data attributes. Consequently, attackers can inject arbitrary web scripts that are executed whenever a user accesses the compromised pages, potentially leading to session hijacking, defacement, or further exploitation of site visitors.",Wordpress,Exclusive Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:26:35.418Z,0
CVE-2024-0823,https://securityvulnerability.io/vulnerability/CVE-2024-0823,Stored Cross-Site Scripting in Exclusive Addons for Elementor Plugin by WordPress,"The Exclusive Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'Link To' URL in carousel elements. This vulnerability arises from inadequate input sanitization and output escaping concerning user-supplied attributes. Authenticated attackers with contributor-level or higher permissions can exploit this issue to inject malicious web scripts into pages, which will execute whenever a user views the compromised page, potentially leading to unauthorized actions or data exposure.",Wordpress,Exclusive Addons for Elementor,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:38.824Z,0
CVE-2024-0824,https://securityvulnerability.io/vulnerability/CVE-2024-0824,Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor Plugin,"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting through its Link Anything feature. All versions up to and including 2.6.8 lack adequate input sanitization and output escaping, allowing authenticated attackers with contributor-level access or higher to inject malicious web scripts. These scripts are executed whenever users access crafted pages, potentially compromising user data and integrity.",Wordpress,Exclusive Addons for Elementor,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-27T04:31:30.268Z,0