Vulnerabilities > Quomodosoft > Elementsready > 2.1

DATE CVE VULNERABILITY TITLE RISK
2024-12-17 CVE-2024-10356 Information Exposure vulnerability in Quomodosoft Elementsready
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php.
network
low complexity
quomodosoft CWE-200
4.3
4.3
2024-12-09 CVE-2024-54224 Cross-site Scripting vulnerability in Quomodosoft Elementsready
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7.
network
low complexity
quomodosoft CWE-79
5.4
5.4
2024-11-09 CVE-2024-51787 Cross-site Scripting vulnerability in Quomodosoft Elementsready
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.3.
network
low complexity
quomodosoft CWE-79
5.4
5.4
2024-10-16 CVE-2024-9444 Cross-site Scripting vulnerability in Quomodosoft Elementsready
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping.
network
low complexity
quomodosoft CWE-79
5.4
5.4
2024-10-11 CVE-2024-47353 Open Redirect vulnerability in Quomodosoft Elementsready
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2.
network
low complexity
quomodosoft CWE-601
6.1
6.1
2024-10-06 CVE-2024-47329 Cross-site Scripting vulnerability in Quomodosoft Elementsready
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0.
network
low complexity
quomodosoft CWE-79
5.4
5.4
2024-06-06 CVE-2024-5152 Cross-site Scripting vulnerability in Quomodosoft Elementsready
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping.
network
low complexity
quomodosoft CWE-79
5.4
5.4
2024-05-06 CVE-2024-34374 Unspecified vulnerability in Quomodosoft Elementsready
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0.
network
low complexity
quomodosoft
5.4
5.4