Themelooks

Enter Addons

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-25014

  • EPSS 0.02%
  • Veröffentlicht 03.02.2026 14:08:39
  • Zuletzt bearbeitet 03.02.2026 16:44:03

Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2.

6.4

CVE-2025-8687

  • EPSS 0.04%
  • Veröffentlicht 13.12.2025 08:21:14
  • Zuletzt bearbeitet 15.12.2025 18:22:13

The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user ...

5.4

CVE-2024-56252

  • EPSS 0.15%
  • Veröffentlicht 02.01.2025 12:15:26
  • Zuletzt bearbeitet 22.01.2025 17:44:01

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.9.

4.3

CVE-2024-10868

  • EPSS 0.13%
  • Veröffentlicht 23.11.2024 04:15:07
  • Zuletzt bearbeitet 23.01.2025 16:58:10

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be incl...

5.4

CVE-2024-47625

  • EPSS 0.14%
  • Veröffentlicht 05.10.2024 14:15:03
  • Zuletzt bearbeitet 22.01.2025 22:01:13

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.8.

5.4

CVE-2024-7611

  • EPSS 0.19%
  • Veröffentlicht 06.09.2024 14:15:13
  • Zuletzt bearbeitet 26.09.2024 16:42:58

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanit...

5.4

CVE-2024-43225

  • EPSS 0.23%
  • Veröffentlicht 12.08.2024 22:15:12
  • Zuletzt bearbeitet 22.01.2025 22:11:05

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.7.

5.4

CVE-2024-37263

  • EPSS 0.14%
  • Veröffentlicht 22.07.2024 09:15:06
  • Zuletzt bearbeitet 21.11.2024 09:23:29

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.6.

5.4

CVE-2024-3831

  • EPSS 0.26%
  • Veröffentlicht 14.05.2024 15:42:24
  • Zuletzt bearbeitet 28.01.2025 03:13:30

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping...

5.4

CVE-2024-3680

  • EPSS 0.23%
  • Veröffentlicht 14.05.2024 15:42:02
  • Zuletzt bearbeitet 28.01.2025 03:17:35

The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization a...