Vulnerabilities > Themelooks

DATE CVE VULNERABILITY TITLE RISK
2025-01-02 CVE-2024-56252 Cross-site Scripting vulnerability in Themelooks Enter Addons
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.9.
network
low complexity
themelooks CWE-79
5.4
5.4
2024-11-23 CVE-2024-10868 Authorization Bypass Through User-Controlled Key vulnerability in Themelooks Enter Addons
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included.
network
low complexity
themelooks CWE-639
4.3
4.3
2024-11-06 CVE-2024-9307 Unrestricted Upload of File with Dangerous Type vulnerability in Themelooks Mfolio
The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1.
network
low complexity
themelooks CWE-434
8.8
8.8
2024-10-05 CVE-2024-47625 Cross-site Scripting vulnerability in Themelooks Enter Addons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.8.
network
low complexity
themelooks CWE-79
5.4
5.4
2024-09-06 CVE-2024-7611 Cross-site Scripting vulnerability in Themelooks Enter Addons
The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
themelooks CWE-79
5.4
5.4
2024-08-12 CVE-2024-43225 Cross-site Scripting vulnerability in Themelooks Enter Addons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.7.
network
low complexity
themelooks CWE-79
5.4
5.4
2024-07-22 CVE-2024-37263 Cross-site Scripting vulnerability in Themelooks Enter Addons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeLooks Enter Addons enteraddons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.6.
network
low complexity
themelooks CWE-79
5.4
5.4