cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9530,https://securityvulnerability.io/vulnerability/CVE-2024-9530,Sensitive Information Exposure Vulnerability in Qi Addons For Elementor Plugin,"The Qi Addons for Elementor plugin for WordPress exhibits a vulnerability allowing sensitive information exposure due to improper handling of private templates. Authenticated users with Contributor-level access and above can exploit this weakness, enabling them to extract sensitive data contained within these templates. This poses a significant risk to users relying on this plugin for managing their website's content, as it potentially exposes confidential information to unauthorized parties.",Wordpress,Qi Addons For Elementor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-23T07:34:54.225Z,0
CVE-2024-4887,https://securityvulnerability.io/vulnerability/CVE-2024-4887,Remote File Inclusion Vulnerability in Qi Addons For Elementor Plugin,"The Qi Addons For Elementor plugin for WordPress contains a vulnerability that allows Remote File Inclusion through the 'behavior' attributes in the qi_addons_for_elementor_blog_list shortcode. Attackers with Contributor-level access or higher can exploit this flaw to include arbitrary remote files on the server, potentially leading to unauthorized code execution. Successful exploitation hinges on the attacker being able to create a non-existent directory or finding a target instance where the file_exists function will not return false for a non-existent directory, facilitating the inclusion of malicious code.",Wordpress,Qi Addons For Elementor,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-07T03:21:56.432Z,0
CVE-2024-4364,https://securityvulnerability.io/vulnerability/CVE-2024-4364,Stored Cross-Site Scripting Vulnerability in Qi Addons For Elementor Plugin,"The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Qi Addons For Elementor,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2024-06-06T03:32:49.695Z,0
CVE-2024-3309,https://securityvulnerability.io/vulnerability/CVE-2024-3309,Stored Cross-Site Scripting Vulnerability in Qi Addons For Elementor Plugin,"The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Qi Addons For Elementor,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-27T09:37:56.084Z,0
CVE-2024-0826,https://securityvulnerability.io/vulnerability/CVE-2024-0826,Stored Cross-Site Scripting Vulnerability in Qi Addons For Elementor Plugin by WordPress,"The Qi Addons For Elementor plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping on attributes provided by users. This vulnerability affects all versions up to and including 1.6.7. Authenticated attackers with contributor permissions can exploit this flaw, allowing them to inject malicious web scripts into pages. These scripts execute whenever a user accesses the compromised page, posing significant risks to both users and site integrity.",Wordpress,Qi Addons For Elementor,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:58:44.788Z,0