Vulnerabilities > Nicheaddons > Charity Addon FOR Elementor > 1.2.4

DATE CVE VULNERABILITY TITLE RISK
2024-12-03 CVE-2024-12062 Authorization Bypass Through User-Controlled Key vulnerability in Nicheaddons Charity Addon for Elementor
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
nicheaddons CWE-639
4.3
4.3
2024-11-19 CVE-2024-51938 Cross-site Scripting vulnerability in Nicheaddons Charity Addon for Elementor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows DOM-Based XSS.This issue affects Charity Addon for Elementor: from n/a through 1.3.2.
network
low complexity
nicheaddons CWE-79
5.4
5.4
2024-10-06 CVE-2024-44026 Cross-site Scripting vulnerability in Nicheaddons Charity Addon for Elementor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows Stored XSS.This issue affects Charity Addon for Elementor: from n/a through 1.3.0.
network
low complexity
nicheaddons CWE-79
5.4
5.4