Total
41277 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24266 | 1 Posimyth | 1 The Plus Addons For Elementor Page Builder Lite | 2024-11-21 | 5.4 Medium |
| The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24265 | 1 Apollo13themes | 1 Rife Elementor Extensions \& Templates | 2024-11-21 | 5.4 Medium |
| The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24264 | 1 Blocksera | 1 Image Hover Effects | 2024-11-21 | 5.4 Medium |
| The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24263 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24262 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2024-11-21 | 5.4 Medium |
| The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24261 | 1 Hasthemes | 1 Ht Mega | 2024-11-21 | 5.4 Medium |
| The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24260 | 1 Livemeshelementor | 1 Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24259 | 1 Webtechstreet | 1 Elementor Addon Elements | 2024-11-21 | 5.4 Medium |
| The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24258 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2024-11-21 | 5.4 Medium |
| The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24257 | 1 Leap13 | 1 Premium Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24256 | 1 Brainstormforce | 1 Elementor - Header\, Footer \& Blocks Template | 2024-11-21 | 5.4 Medium |
| The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24255 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method. | ||||
| CVE-2021-24250 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2024-11-21 | 5.4 Medium |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. | ||||
| CVE-2021-24247 | 1 Mooveagency | 1 Contact Form Check Tester | 2024-11-21 | 5.4 Medium |
| The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin. | ||||
| CVE-2021-24246 | 1 Purethemes | 2 Workscout, Workscout Core | 2024-11-21 | 5.4 Medium |
| The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues | ||||
| CVE-2021-24245 | 1 Trumani | 1 Stop Spammers | 2024-11-21 | 6.1 Medium |
| The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue. | ||||
| CVE-2021-24243 | 1 Wpbakery Page Builder Clipboard Project | 1 Wpbakery Page Builder Clipboard | 2024-11-21 | 5.4 Medium |
| An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages. | ||||
| CVE-2021-24241 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | 6.1 Medium |
| The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page. | ||||
| CVE-2021-24239 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | 6.1 Medium |
| The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue. | ||||
| CVE-2021-24237 | 1 Purethemes | 2 Findeo, Realteo | 2024-11-21 | 6.1 Medium |
| The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue. | ||||