cleantalk

Vulnerabilities and Security Researches

Vulnerabilities and security researches for hash-elements

Direction: descending

Jan 09, 2025

Hash Elements # CVE-2025-22296

CVE, Research URL

CVE-2025-22296

Home page URL

Security reports for Hash Elements

Application

Hash Elements

Date
Jan 07, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements.This issue affects Hash Elements: from n/a through 1.4.9.
Affected versions
Min -, max -.
Status
vulnerable

Nov 14, 2024

Hash Elements # CVE-2024-10802

CVE, Research URL

CVE-2024-10802

Home page URL

Security reports for Hash Elements

Application

Hash Elements

Date
Nov 13, 2024
Research Description
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.
Affected versions
Min -, max -.
Status
vulnerable

Jun 07, 2024

Hash Elements # CVE-2024-30426

CVE, Research URL

CVE-2024-30426

Home page URL

Security reports for Hash Elements

Application

Hash Elements

Date
Mar 29, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements allows Stored XSS.This issue affects Hash Elements: from n/a through 1.3.3.
Affected versions
Min -, max -.
Status
vulnerable

Hash Elements # CVE-2024-5177

CVE, Research URL

CVE-2024-5177

Home page URL

Security reports for Hash Elements

Application

Hash Elements

Date
May 23, 2024
Research Description
The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within multiple widgets in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable