cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10775,https://securityvulnerability.io/vulnerability/CVE-2024-10775,Information Exposure Vulnerability in Piotnet Addons for Elementor by WordPress,"The Piotnet Addons For Elementor plugin for WordPress is susceptible to an information exposure vulnerability in all versions up to and including 2.4.32. This vulnerability arises from inadequate restrictions on the 'pafe-template' shortcode, enabling authenticated attackers with Contributor-level access or higher to retrieve data from private or draft posts created by Elementor that they should not be able to access. This potential for unauthorized data extraction poses significant security concerns for users and developers alike.",Wordpress,Piotnet Addons For Elementor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-15T09:25:54.399Z,0
CVE-2024-5502,https://securityvulnerability.io/vulnerability/CVE-2024-5502,Stored Cross-Site Scripting Vulnerability in Addons For Elementor Plugin,"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Piotnet Addons For Elementor,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-08-23T08:29:41.176Z,0
CVE-2024-5614,https://securityvulnerability.io/vulnerability/CVE-2024-5614,Sensitive Information Exposure in Piotnet Addons For Elementor Plugin,"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafe_posts_list' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of future, draft, and pending blog posts.",Wordpress,Piotnet Addons For Elementor,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-27T11:13:36.446Z,0
CVE-2024-4262,https://securityvulnerability.io/vulnerability/CVE-2024-4262,Piotnet Addons For Elementor Plugin Vulnerable to Stored Cross-Site Scripting,"The Piotnet Addons For Elementor plugin for WordPress has a vulnerability that allows Stored Cross-Site Scripting due to inadequate sanitization of user inputs on multiple widgets. Attackers with contributor-level access can exploit this flaw to inject malicious web scripts. These scripts will execute whenever a user accesses a compromised page, posing significant risks to website integrity and user data security. All versions up to and including 2.4.28 are impacted.",Wordpress,Piotnet Addons For Elementor,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-22T09:31:40.438Z,0
CVE-2024-4432,https://securityvulnerability.io/vulnerability/CVE-2024-4432,Piotnet Addons For Elementor Plugin Vulnerable to Stored Cross-Site Scripting,"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Piotnet Addons For Elementor,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-18T09:39:37.829Z,0