cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11224,https://securityvulnerability.io/vulnerability/CVE-2024-11224,Stored Cross-Site Scripting Vulnerability Affects Parallax Image Plugin for WordPress,"The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'position' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Parallax Image,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-11-19T12:45:28.507Z,0
CVE-2024-9898,https://securityvulnerability.io/vulnerability/CVE-2024-9898,Parallax Image Plugin Vulnerable to Stored Cross-Site Scripting,"The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the dd-parallax shortcode in all versions up to and including 1.8 due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, and the scripts execute whenever a user accesses an injected page, exposing session data and other sensitive information. Site administrators should make sure they are running a fixed version of the plugin.",Wordpress,Parallax Image,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-10-17T11:03:54.653Z,0
CVE-2022-4707,https://securityvulnerability.io/vulnerability/CVE-2022-4707,Cross-Site Request Forgery in Royal Elementor Addons for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in the 'wpr_create_mega_menu_template' AJAX action due to missing nonce validation. An unauthenticated attacker who tricks an administrator into following a crafted link can make the administrator's browser create Mega Menu templates, compromising the integrity of the WordPress site.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",4.3,MEDIUM,0.0008999999845400453,false,,false,false,false,,false,false,2023-01-10T16:55:51.653Z,0
CVE-2022-4701,https://securityvulnerability.io/vulnerability/CVE-2022-4701,Insufficient Access Control in Royal Elementor Addons for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action. Any authenticated user, including those with minimal permissions such as subscribers, can activate certain plugins such as 'contact-form-7', 'media-library-assistant', or 'woocommerce', exposing the site to misuse by low-privileged accounts.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",4.3,MEDIUM,0.0018500000005587935,false,,false,false,false,,false,false,2023-01-10T16:55:47.253Z,0
CVE-2022-4703,https://securityvulnerability.io/vulnerability/CVE-2022-4703,Insufficient Access Control in Royal Elementor Addons for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action. Any authenticated user, including those with the lowest permission level such as subscribers, can reset previously imported data without authorization, allowing unauthorized manipulation of site data and putting site integrity at risk.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",4.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2023-01-10T16:55:42.835Z,0
CVE-2022-4705,https://securityvulnerability.io/vulnerability/CVE-2022-4705,Insufficient Access Control in Royal Elementor Addons Plugin for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to and including 1.3.59. Any authenticated user, including those with subscriber-level permissions, can finalize the activation of preset site configuration templates. Combined with the ability to select and import configuration templates through another vulnerable action, this gives low-privileged users control over site configuration.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-01-10T16:55:38.800Z,0
CVE-2022-4704,https://securityvulnerability.io/vulnerability/CVE-2022-4704,Insufficient Access Control in Royal Elementor Addons for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to and including 1.3.59. Any authenticated user, including those with minimal subscriber permissions, can import site configuration templates, including images and settings, compromising the security and integrity of affected WordPress sites.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",5.4,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2023-01-10T16:55:34.177Z,0
CVE-2022-4710,https://securityvulnerability.io/vulnerability/CVE-2022-4710,Reflected Cross-Site Scripting Vulnerability in Royal Elementor Addons Plugin,"The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function due to insufficient input sanitization and output escaping. The value is passed through 'sanitize_text_field', which does not prevent attribute-based Cross-Site Scripting, so unauthenticated attackers can inject arbitrary web scripts that execute when they trick a user into clicking a crafted link.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",6.1,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2023-01-10T16:55:29.753Z,0
CVE-2022-4708,https://securityvulnerability.io/vulnerability/CVE-2022-4708,Insufficient Access Control in Royal Elementor Addons Plugin for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to and including 1.3.59. Any authenticated user, regardless of permission level, can alter template display conditions, and such unauthorized modifications can compromise site integrity.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-01-10T16:55:21.210Z,0
CVE-2022-4711,https://securityvulnerability.io/vulnerability/CVE-2022-4711,Insufficient Access Control in Royal Elementor Addons for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action. Any authenticated user, including those with minimal permissions such as subscribers, can alter and manage Mega Menu settings across all menu items, making unauthorized changes that compromise the intended functionality and security of the website.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-01-10T16:55:15.181Z,0
CVE-2022-4702,https://securityvulnerability.io/vulnerability/CVE-2022-4702,Insufficient Access Control in Royal Elementor Addons for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to and including 1.3.59. Any authenticated user, including those with only subscriber-level access, can deactivate any plugin on the site except a very limited set of hardcoded plugins. The same action can also switch the site to the 'royal-elementor-kit' theme, which can cause significant availability issues for the affected site.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",5.4,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2023-01-10T16:55:10.309Z,0
CVE-2022-4700,https://securityvulnerability.io/vulnerability/CVE-2022-4700,Insufficient Access Control in Royal Elementor Addons Plugin for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to and including 1.3.59. Any authenticated user with subscriber-level permissions can activate the 'royal-elementor-kit' theme. If that theme is not installed, the site may try to load a non-existent theme, adversely affecting site availability.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",5.4,MEDIUM,0.0018500000005587935,false,,false,false,false,,false,false,2023-01-10T16:55:05.323Z,0
CVE-2022-4709,https://securityvulnerability.io/vulnerability/CVE-2022-4709,Insufficient Access Control in Royal Elementor Addons Plugin for WordPress,"The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to and including 1.3.59. Any authenticated user, even one with only subscriber-level permissions, can import and activate templates from the plugin's library, enabling unauthorized modifications and potentially malicious activity on affected WordPress sites.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-01-10T16:55:00.175Z,0
CVE-2022-4102,https://securityvulnerability.io/vulnerability/CVE-2022-4102,Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion,"The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated user, such as a subscriber, to delete arbitrary posts if they know the related slug.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",3.1,LOW,0.000539999979082495,false,,false,false,false,,false,false,2023-01-09T22:13:40.870Z,0
CVE-2022-4103,https://securityvulnerability.io/vulnerability/CVE-2022-4103,Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation,"The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated user, such as a subscriber, to create a post of any post type with an arbitrary title.",Wordpress,"Royal Elementor Addons (elementor Templates, Post Grid, Mega Menu & Header Footer Builder, WooCommerce Builder, Product Grid, Slider, Parallax Image & Other Free Elementor Widgets)",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-09T22:13:38.512Z,0
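The Royal Elementor Addons records above (CVE-2022-4700 through CVE-2022-4711, CVE-2022-4102 and CVE-2022-4103) all describe the same defect class: an admin-ajax action that is reachable by any logged-in user because the handler checks neither a nonce (CSRF), nor a capability (authorization), nor the type of the object it acts on. The following is an added example, not code from Royal Elementor Addons or from any of the CVE records. It is a stand-alone WordPress plugin file that registers a template-deletion AJAX action first in that vulnerable shape and then hardened with the three missing checks. Every name in it (the `demo_*` action names, the `demo_template` post type, the `demo-admin` script handle and its `demo-admin.js` file) is hypothetical.

```php
<?php
/**
 * Plugin Name: Demo AJAX access control
 *
 * Added example (hypothetical names throughout). Drop into wp-content/plugins/
 * and activate to compare the two handlers from the browser console.
 */

// A private post type standing in for the plugin's "template" objects.
add_action( 'init', function () {
    register_post_type( 'demo_template', array(
        'public'   => false,
        'show_ui'  => true,
        'supports' => array( 'title', 'editor' ),
    ) );
} );

// Vulnerable shape. wp_ajax_{action} fires for every authenticated user, so
// "is logged in" is the only gate. Nothing checks a nonce, a capability, or
// that the slug resolves to a template rather than a page, post or product.
add_action( 'wp_ajax_demo_delete_template_insecure', function () {
    $slug = isset( $_POST['slug'] ) ? sanitize_title( wp_unslash( $_POST['slug'] ) ) : '';
    // Resolving across every registered post type is what turns "delete a
    // template" into "delete any post whose slug you know".
    $post = $slug ? get_page_by_path( $slug, OBJECT, get_post_types() ) : null;
    if ( $post ) {
        wp_delete_post( $post->ID, true );
    }
    wp_send_json_success();
} );

// Hardened shape: nonce, capability, object type, then per-object capability.
add_action( 'wp_ajax_demo_delete_template', function () {
    // 1. CSRF: the request must carry a nonce minted for this exact action.
    //    On a missing or stale nonce this dies with HTTP 403 before anything runs.
    check_ajax_referer( 'demo_delete_template', 'nonce' );

    // 2. Authorization: a capability subscribers do not hold. For actions that
    //    activate/deactivate plugins or switch themes, the equivalent checks are
    //    'activate_plugins' and 'switch_themes'.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input: normalize the slug, then resolve it only within our own post type.
    $slug = isset( $_POST['slug'] ) ? sanitize_title( wp_unslash( $_POST['slug'] ) ) : '';
    $post = $slug ? get_page_by_path( $slug, OBJECT, 'demo_template' ) : null;

    // 4. Object check: refuse anything that is not one of our templates.
    if ( ! $post || 'demo_template' !== $post->post_type ) {
        wp_send_json_error( 'not a template', 404 );
    }

    // 5. Per-object authorization through the delete_post meta capability.
    if ( ! current_user_can( 'delete_post', $post->ID ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    wp_delete_post( $post->ID, true );
    wp_send_json_success( array( 'deleted' => $post->ID ) );
} );

// The nonce has to reach the caller: hand it to the admin script that issues
// the request, so the JavaScript can POST { action, nonce, slug } to demoAjax.url.
add_action( 'admin_enqueue_scripts', function () {
    wp_register_script( 'demo-admin', plugins_url( 'demo-admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'demo-admin', 'demoAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'demo_delete_template' ),
    ) );
    wp_enqueue_script( 'demo-admin' );
} );
```

A quick check for the vulnerable variant is to log in as a subscriber and POST `action=demo_delete_template_insecure&slug=<any-page-slug>` to `admin-ajax.php`: the page disappears. The same request against `demo_delete_template` fails at the nonce check, and a request with a valid nonce fails at the capability check. Note that the capability test on its own would not stop the CSRF case described for CVE-2022-4707, because the administrator's browser does hold the capability; that is why the nonce and the capability check are both required.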
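The two Parallax Image records (CVE-2024-9898, CVE-2024-11224) describe a shortcode attribute written into page markup without output escaping, and the CVE-2022-4710 record names the specific trap: `sanitize_text_field()` is input sanitization, not output escaping, and does not stop attribute-based XSS. The following is an added example, not code from the Parallax Image plugin or from Royal Elementor Addons. It is a stand-alone WordPress plugin file with a shortcode in that vulnerable shape beside a hardened one, plus the reflected variant. The shortcode names `demo_parallax_insecure` / `demo_parallax` and the function `demo_search_link()` are hypothetical.

```php
<?php
/**
 * Plugin Name: Demo shortcode output escaping
 *
 * Added example (hypothetical names throughout).
 */

// Vulnerable shape. sanitize_text_field() strips tags, line breaks and
// percent-encoded octets, but leaves quote characters untouched. Shortcode
// attribute values may be single-quoted, so a Contributor can save
//   [demo_parallax_insecure position='x" onmouseover="alert(document.cookie)']
// and the double quote inside the value closes data-position="..." early.
// Sanitizing on input did nothing for the attribute context on output.
add_shortcode( 'demo_parallax_insecure', function ( $atts ) {
    $atts     = shortcode_atts( array( 'position' => 'center', 'speed' => '0.5' ), $atts, 'demo_parallax_insecure' );
    $position = sanitize_text_field( $atts['position'] );
    $speed    = sanitize_text_field( $atts['speed'] );
    return '<div class="parallax" data-position="' . $position . '" data-speed="' . $speed . '"></div>';
} );

// Hardened shape: validate by type where the value domain is known, and escape
// for the exact output context (attribute, element body, URL) at output time.
add_shortcode( 'demo_parallax', function ( $atts ) {
    $atts = shortcode_atts(
        array( 'position' => 'center', 'speed' => '0.5', 'image' => '', 'title' => '' ),
        $atts,
        'demo_parallax'
    );

    // Enumerated value: allowlist membership, fall back to the default otherwise.
    $allowed  = array( 'top', 'center', 'bottom' );
    $position = in_array( $atts['position'], $allowed, true ) ? $atts['position'] : 'center';

    // Numeric value: coerce, then clamp to the range the front-end script expects.
    $speed = max( 0.0, min( 1.0, (float) $atts['speed'] ) );

    // URL value: esc_url() drops disallowed schemes (javascript:, data:) and
    // strips characters such as '"' and whitespace that are invalid in a URL.
    $image = esc_url( $atts['image'] );

    // Free text: esc_attr() inside an attribute, esc_html() inside the element.
    return sprintf(
        '<div class="parallax" data-position="%s" data-speed="%s" data-image="%s" title="%s">%s</div>',
        esc_attr( $position ),
        esc_attr( (string) $speed ),
        $image,
        esc_attr( $atts['title'] ),
        esc_html( $atts['title'] )
    );
} );

// Reflected shape, matching the CVE-2022-4710 description: a request parameter
// echoed into an attribute follows the same rule. A link target is an
// enumerated value, so allowlist it; sanitize_text_field() on its own would
// let '" onfocus="...' through, and esc_attr() is what neutralizes the quote.
function demo_search_link( $raw_target ) {
    $target = sanitize_text_field( wp_unslash( $raw_target ) );
    $target = in_array( $target, array( '_self', '_blank' ), true ) ? $target : '_self';
    return '<a href="' . esc_url( home_url( '/?s=' ) ) . '" target="' . esc_attr( $target ) . '">Search</a>';
}
```

The difference to look for in review is where the protection sits: `sanitize_text_field()` belongs at the point data enters (it normalizes, and it is fine to keep), but the property that stops XSS is escaping chosen for the output context, applied when the string is written into HTML. A value that passes sanitization and is then concatenated into an attribute without `esc_attr()` is exactly the pattern these records describe.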