Vulnerabilities > Wpdeveloper
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-8742 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-11 | CVE-2024-8440 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-08-29 | CVE-2024-43936 | Cross-site Scripting vulnerability in Wpdeveloper Embedpress Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper EmbedPress allows Stored XSS.This issue affects EmbedPress: from n/a through 4.0.8. | 5.4 |
| 2024-08-13 | CVE-2024-43129 | Path Traversal vulnerability in Wpdeveloper Betterdocs Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion.This issue affects BetterDocs: from n/a through 3.5.8. | 8.8 |
| 2024-08-13 | CVE-2024-7092 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-21 | CVE-2023-51375 | Unspecified vulnerability in Wpdeveloper Embedpress Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.8.3. | 8.8 |
| 2024-06-21 | CVE-2024-5058 | Unspecified vulnerability in Wpdeveloper Typing Text Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.5. | 5.4 |
| 2024-06-13 | CVE-2024-1565 | Cross-site Scripting vulnerability in Wpdeveloper Embedpress The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-11 | CVE-2024-5189 | Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-09 | CVE-2024-31284 | Unspecified vulnerability in Wpdeveloper Embedpress Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8. | 9.8 |