cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12205,https://securityvulnerability.io/vulnerability/CVE-2024-12205,Stored Cross-Site Scripting in Themesflat Addons for Elementor by WordPress,"The Themesflat Addons For Elementor plugin for WordPress contains a vulnerability that allows for stored cross-site scripting (XSS) attacks through the TF E Slider Widget. This vulnerability arises from insufficient input sanitization and output escaping, allowing authenticated users with Contributor-level access and higher to inject arbitrary web scripts. These scripts will execute when other users access affected pages, potentially leading to unauthorized actions and data exposure. It is crucial for website administrators to update the plugin to mitigate this risk.",Wordpress,Themesflat Addons For Elementor,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-08T04:17:58.274Z,0
CVE-2024-8516,https://securityvulnerability.io/vulnerability/CVE-2024-8516,Vulnerability in Addons For Elementor plugin allows limited post information extraction by authenticated attackers,"The Themesflat Addons for Elementor plugin for WordPress is susceptible to an information exposure flaw that affects all versions up to 2.2.1. This vulnerability arises due to improper handling in the render() function, permitting authenticated users with Contributor-level permissions or higher to access sensitive details from draft and scheduled posts. Such unauthorized information extraction poses a significant risk to the confidentiality of unpublished content on WordPress sites utilizing this plugin.",Wordpress,Themesflat Addons For Elementor,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-09-25T03:27:40.542Z,0
CVE-2024-8515,https://securityvulnerability.io/vulnerability/CVE-2024-8515,Stored Cross-Site Scripting Vulnerability Affects Themesflat Addons For Elementor Plugin,"The Themesflat Addons For Elementor plugin for WordPress exhibits a vulnerability that enables Stored Cross-Site Scripting through various widgets such as 'TF E Slider Widget', 'TF Video Widget', and 'TF Team Widget'. This vulnerability arises from inadequate input sanitization and output escaping on URL attributes found within the plugin. Authenticated attackers with Contributor-level access can exploit this security flaw to inject arbitrary web scripts into pages, which will execute whenever a user accesses a compromised page. This presents potential risks for users by exposing them to malicious scripts integrated into the content.",Wordpress,Themesflat Addons For Elementor,5.4,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2024-09-25T03:27:39.268Z,0
CVE-2024-4458,https://securityvulnerability.io/vulnerability/CVE-2024-4458,Arbitrary Web Script Injection Vulnerability in Themesflat Addons For Elementor Plugin,"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Themesflat Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-06T03:32:55.900Z,0
CVE-2024-4212,https://securityvulnerability.io/vulnerability/CVE-2024-4212,Stored Cross-Site Scripting Vulnerability in Themesflat Addons For Elementor Plugin,"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Themesflat Addons For Elementor,5.4,MEDIUM,0.000750000006519258,false,,false,false,false,,false,false,2024-06-06T03:32:55.411Z,0
CVE-2024-4459,https://securityvulnerability.io/vulnerability/CVE-2024-4459,Stored Cross-Site Scripting Vulnerability in Themesflat Addons For Elementor Plugin,"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Themesflat Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-06T03:32:54.427Z,0
CVE-2024-2922,https://securityvulnerability.io/vulnerability/CVE-2024-2922,Arbitrary Web Script Injection Vulnerability in Themesflat Addons For Elementor Plugin,"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Themesflat Addons For Elementor,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-06T03:32:51.439Z,0