Vulnerabilities and security researches fordroit-elementor-addons droit-elementor-addons

Jun 06, 2024

CVE, Research URL: CVE-2024-2252
Home page URL: Security reports for Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder
Application: Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder
Date: Mar 13, 2024
Research Description: The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes such as URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.1.5.
Status: vulnerable

CVE, Research URL: CVE-2024-22136
Home page URL: Security reports for Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder
Application: Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder
Date: Jan 31, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder.This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5.
Affected versions: max 3.1.5.
Status: vulnerable