Wpmet

Elementskit

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-0321

  • EPSS 0.05%
  • Veröffentlicht 28.01.2025 08:15:29
  • Zuletzt bearbeitet 30.01.2025 17:39:45

The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for...

6.5

CVE-2024-43996

  • EPSS 0.23%
  • Veröffentlicht 23.09.2024 01:15:11
  • Zuletzt bearbeitet 08.01.2025 16:16:57

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0.

5.4

CVE-2024-7064

  • EPSS 0.22%
  • Veröffentlicht 15.08.2024 06:15:12
  • Zuletzt bearbeitet 08.01.2025 20:30:58

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authentica...

4.3

CVE-2024-7063

  • EPSS 0.22%
  • Veröffentlicht 15.08.2024 06:15:11
  • Zuletzt bearbeitet 08.01.2025 20:33:37

The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, ...

5.4

CVE-2024-5263

  • EPSS 0.15%
  • Veröffentlicht 15.06.2024 02:15:51
  • Zuletzt bearbeitet 21.11.2024 09:47:18

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user suppli...

9.6

CVE-2024-4404

  • EPSS 0.35%
  • Veröffentlicht 14.06.2024 06:15:12
  • Zuletzt bearbeitet 10.01.2025 16:48:29

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make...

5.4

CVE-2024-4452

  • EPSS 0.17%
  • Veröffentlicht 21.05.2024 14:15:12
  • Zuletzt bearbeitet 09.01.2025 17:46:34

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

8.8

CVE-2024-3500

  • EPSS 1.02%
  • Veröffentlicht 02.05.2024 17:15:26
  • Zuletzt bearbeitet 08.01.2025 21:22:53

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-...

5.4

CVE-2024-3598

  • EPSS 0.18%
  • Veröffentlicht 19.04.2024 02:15:11
  • Zuletzt bearbeitet 08.01.2025 17:26:13

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attr...