Vulnerabilities > Leap13 > Premium Addons > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-03-13 CVE-2024-1996 Cross-site Scripting vulnerability in Leap13 Premium Addons
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
leap13 CWE-79
5.4
5.4
2024-03-13 CVE-2024-1997 Cross-site Scripting vulnerability in Leap13 Premium Addons
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping.
network
low complexity
leap13 CWE-79
5.4
5.4
2024-03-13 CVE-2024-2000 Cross-site Scripting vulnerability in Leap13 Premium Addons
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping.
network
low complexity
leap13 CWE-79
5.4
5.4
2024-03-13 CVE-2024-2237 Cross-site Scripting vulnerability in Leap13 Premium Addons
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping.
network
low complexity
leap13 CWE-79
5.4
5.4
2024-03-13 CVE-2024-2238 Cross-site Scripting vulnerability in Leap13 Premium Addons
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping.
network
low complexity
leap13 CWE-79
5.4
5.4
2024-03-13 CVE-2024-2239 Cross-site Scripting vulnerability in Leap13 Premium Addons
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping.
network
low complexity
leap13 CWE-79
5.4
5.4
2023-11-30 CVE-2023-37868 Unspecified vulnerability in Leap13 Premium Addons
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0.
network
low complexity
leap13
6.5
6.5