Vulnerabilities > Ideabox > Powerpack Addons FOR Elementor > 2.7.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-13 | CVE-2024-5787 | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-30 | CVE-2024-5327 | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘pp_animated_gradient_bg_color’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-04-09 | CVE-2024-2492 | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-30 | CVE-2024-2491 | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-02-29 | CVE-2024-1411 | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-02-07 | CVE-2024-1055 | Cross-site Scripting vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. | 5.4 |
| 2024-01-03 | CVE-2023-6984 | Cross-Site Request Forgery (CSRF) vulnerability in Ideabox Powerpack Addons for Elementor The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. | 4.3 |
| 2023-12-14 | CVE-2023-49739 | Unspecified vulnerability in Ideabox Powerpack Addons for Elementor [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR] | 6.1 |