Vulnerabilities > Wpdeveloper

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-5188 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
2024-06-05 CVE-2024-5571 Cross-site Scripting vulnerability in Wpdeveloper Embedpress
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpdeveloper CWE-79
5.4
2024-02-05 CVE-2024-0585 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL.
network
low complexity
wpdeveloper CWE-79
5.4
2024-02-05 CVE-2024-0586 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL.
network
low complexity
wpdeveloper CWE-79
5.4
2024-02-05 CVE-2024-0954 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols.
network
low complexity
wpdeveloper CWE-79
5.4
2024-01-15 CVE-2023-6623 Path Traversal vulnerability in Wpdeveloper Essential Blocks
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
network
low complexity
wpdeveloper CWE-22
critical
9.8
2024-01-11 CVE-2023-7071 Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
2024-01-04 CVE-2023-7044 Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping.
network
low complexity
wpdeveloper CWE-79
5.4
2024-01-03 CVE-2023-6986 Cross-site Scripting vulnerability in Wpdeveloper Embedpress
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wpdeveloper CWE-79
5.4
2023-12-15 CVE-2023-49184 Cross-site Scripting vulnerability in Wpdeveloper Parallax Slider Block
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS.This issue affects Parallax Slider Block: from n/a through 1.2.4.
network
low complexity
wpdeveloper CWE-79
5.4