CVE-2025-22296
- EPSS 0.14%
- Veröffentlicht 07.01.2025 17:15:32
- Zuletzt bearbeitet 09.06.2025 19:30:55
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements.This issue affects Hash Elements: from n/a through 1.4.9.
CVE-2024-10802
- EPSS 1.25%
- Veröffentlicht 13.11.2024 04:15:04
- Zuletzt bearbeitet 05.06.2025 17:00:18
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauth...
CVE-2024-5177
- EPSS 0.36%
- Veröffentlicht 23.05.2024 06:15:11
- Zuletzt bearbeitet 05.06.2025 20:39:53
The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within multiple widgets in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplie...
CVE-2024-30426
- EPSS 0.16%
- Veröffentlicht 29.03.2024 14:15:09
- Zuletzt bearbeitet 24.02.2025 12:31:39
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements allows Stored XSS.This issue affects Hash Elements: from n/a through 1.3.3.