Vulnerabilities > Devscred

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-0823 Cross-site Scripting vulnerability in Devscred Exclusive Addons for Elementor
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
devscred CWE-79
5.4
2024-01-27 CVE-2024-0824 Cross-site Scripting vulnerability in Devscred Exclusive Addons for Elementor
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping.
network
low complexity
devscred CWE-79
5.4
2023-02-02 CVE-2022-45067 Cross-Site Request Forgery (CSRF) vulnerability in Devscred Exclusive Addons for Elementor
Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.
network
low complexity
devscred CWE-352
8.8