Vulnerabilities > Posimyth > THE Plus Addons FOR Elementor > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-02 | CVE-2024-3199 | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-07 | CVE-2024-1419 | Cross-site Scripting vulnerability in Posimyth the Plus Addons for Elementor The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-03-07 | CVE-2021-4332 | Unspecified vulnerability in Posimyth the Plus Addons for Elementor The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). | 6.5 |
| 2021-06-14 | CVE-2021-24351 | Unspecified vulnerability in Posimyth the Plus Addons for Elementor The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users) | 6.1 |
| 2021-06-14 | CVE-2021-24358 | Unspecified vulnerability in Posimyth the Plus Addons for Elementor The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. | 6.1 |
| 2021-06-14 | CVE-2021-24359 | Improper Authentication vulnerability in Posimyth the Plus Addons for Elementor The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. | 5.3 |