Vulnerabilities > Detheme > Dethemekit FOR Elementor > 1.5.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-14 | CVE-2025-1526 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. | 5.4 |
| 2025-02-17 | CVE-2025-26772 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor allows Stored XSS. | 5.4 |
| 2025-02-13 | CVE-2025-0661 | Unspecified vulnerability in Detheme Dethemekit for Elementor The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated. | 4.3 |
| 2025-02-13 | CVE-2024-13644 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-05 | CVE-2024-47632 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.1.7. | 5.4 |
| 2024-05-31 | CVE-2024-5418 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-18 | CVE-2024-4374 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-05-17 | CVE-2024-34575 | Cross-site Scripting vulnerability in Detheme Dethemekit for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.1.2. | 5.4 |
| 2024-04-17 | CVE-2024-32508 | Unspecified vulnerability in Detheme Dethemekit for Elementor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.0.2. | 5.4 |