Vulnerabilities > Brainstormforce > Elementor Header Footer Builder > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-23	CVE-2024-11230	Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. network low complexity brainstormforce CWE-79	5.4
2024-11-08	CVE-2024-10325	Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. network low complexity brainstormforce CWE-79	5.4
2024-10-24	CVE-2024-10050	Unspecified vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. network low complexity brainstormforce	4.3
2024-05-24	CVE-2024-2618	Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. network low complexity brainstormforce CWE-79	5.4
2024-05-16	CVE-2024-2619	Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. network low complexity brainstormforce CWE-79	5.4
2024-05-16	CVE-2024-4634	Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. network low complexity brainstormforce CWE-79	5.4
2024-03-13	CVE-2024-1237	Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. network low complexity brainstormforce CWE-79	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.