Export limit exceeded: 366926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24272 | 1 Codeinitiator | 1 Fitness Calculators | 2024-11-21 | 4.3 Medium |
| The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue | ||||
| CVE-2021-24271 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24270 | 1 Detheme | 1 Dethemekit For Elementor | 2024-11-21 | 5.4 Medium |
| The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24269 | 1 Sinaextra | 1 Sina Extension For Elementor | 2024-11-21 | 5.4 Medium |
| The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24268 | 1 Crocoblock | 1 Jetwidgets For Elementor | 2024-11-21 | 5.4 Medium |
| The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24267 | 1 Themesgrove | 1 All-in-one Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24266 | 1 Posimyth | 1 The Plus Addons For Elementor Page Builder Lite | 2024-11-21 | 5.4 Medium |
| The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24265 | 1 Apollo13themes | 1 Rife Elementor Extensions \& Templates | 2024-11-21 | 5.4 Medium |
| The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24264 | 1 Blocksera | 1 Image Hover Effects | 2024-11-21 | 5.4 Medium |
| The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24263 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24262 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2024-11-21 | 5.4 Medium |
| The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24261 | 1 Hasthemes | 1 Ht Mega | 2024-11-21 | 5.4 Medium |
| The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24260 | 1 Livemeshelementor | 1 Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24259 | 1 Webtechstreet | 1 Elementor Addon Elements | 2024-11-21 | 5.4 Medium |
| The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24258 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2024-11-21 | 5.4 Medium |
| The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24257 | 1 Leap13 | 1 Premium Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24256 | 1 Brainstormforce | 1 Elementor - Header\, Footer \& Blocks Template | 2024-11-21 | 5.4 Medium |
| The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | ||||
| CVE-2021-24255 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | 5.4 Medium |
| The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method. | ||||
| CVE-2021-24254 | 1 College Publisher Import Project | 1 College Publisher Import | 2024-11-21 | 7.2 High |
| The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack. | ||||
| CVE-2021-24253 | 1 Classyfrieds Project | 1 Classyfrieds | 2024-11-21 | 8.8 High |
| The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE. | ||||