Vulnerabilities > Coolplugins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-11 | CVE-2024-52354 | Cross-site Scripting vulnerability in Coolplugins web Stories Widgets for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through 1.1. | 5.4 |
| 2024-02-07 | CVE-2024-0977 | Cross-site Scripting vulnerability in Coolplugins Timeline Widget for Elementor The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-07-12 | CVE-2021-4413 | Unspecified vulnerability in Coolplugins Process Steps Template Designer The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. | 4.3 |