Wpmet

Elementskit

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-0321

  • EPSS 0.05%
  • Published 28.01.2025 08:15:29
  • Last modified 30.01.2025 17:39:45

The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for...

6.5

CVE-2024-43996

  • EPSS 0.23%
  • Published 23.09.2024 01:15:11
  • Last modified 08.01.2025 16:16:57

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0.

5.4

CVE-2024-7064

  • EPSS 0.22%
  • Published 15.08.2024 06:15:12
  • Last modified 08.01.2025 20:30:58

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authentica...

4.3

CVE-2024-7063

  • EPSS 0.22%
  • Published 15.08.2024 06:15:11
  • Last modified 08.01.2025 20:33:37

The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, ...

5.4

CVE-2024-5263

  • EPSS 0.15%
  • Published 15.06.2024 02:15:51
  • Last modified 21.11.2024 09:47:18

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user suppli...

9.6

CVE-2024-4404

  • EPSS 0.35%
  • Published 14.06.2024 06:15:12
  • Last modified 10.01.2025 16:48:29

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make...

5.4

CVE-2024-4452

  • EPSS 0.17%
  • Published 21.05.2024 14:15:12
  • Last modified 09.01.2025 17:46:34

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

8.8

CVE-2024-3500

  • EPSS 1.02%
  • Published 02.05.2024 17:15:26
  • Last modified 08.01.2025 21:22:53

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-...

5.4

CVE-2024-3598

  • EPSS 0.18%
  • Published 19.04.2024 02:15:11
  • Last modified 08.01.2025 17:26:13

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attr...