Vulnerabilities > Codeless > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-30 | CVE-2024-53786 | Cross-site Scripting vulnerability in Codeless Cowidgets Elementor Addons Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.2.0. | 5.4 |
| 2024-11-09 | CVE-2024-10779 | Unspecified vulnerability in Codeless Cowidgets Elementor Addons The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
| 2024-11-09 | CVE-2024-8960 | Cross-site Scripting vulnerability in Codeless Cowidgets Elementor Addons The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-04 | CVE-2024-35782 | Unspecified vulnerability in Codeless Cowidgets - Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1. | 5.4 |
| 2024-06-04 | CVE-2024-4697 | Cross-site Scripting vulnerability in Codeless Cowidgets Elementor Addons The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. | 5.4 |