cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forkata-plus kata-plus

Direction: ascending
Oct 29, 2024

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates # CVE-2024-50501

CVE, Research URL

CVE-2024-50501

Home page URL

Security reports for Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Application

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Date
Oct 28, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Climax Themes Kata Plus allows Stored XSS.This issue affects Kata Plus: from n/a through 1.4.7.
Affected versions
Min -, max -.
Status
vulnerable
Oct 30, 2024

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates # CVE-2024-9376

CVE, Research URL

CVE-2024-9376

Home page URL

Security reports for Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Application

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Date
Oct 29, 2024
Research Description
The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions
Min -, max -.
Status
vulnerable
Apr 20, 2025

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates # CVE-2025-32572

CVE, Research URL

CVE-2025-32572

Home page URL

Security reports for Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Application

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Date
Apr 17, 2025
Research Description
Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2.
Affected versions
Min -, max -.
Status
vulnerable
Jul 02, 2025

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates # CVE-2025-50009

CVE, Research URL

CVE-2025-50009

Home page URL

Security reports for Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Application

Kata Plus – Addons for Elementor – Widgets, Extensions and Templates

Date
Jun 20, 2025
Research Description
Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3.
Affected versions
Min -, max -.
Status
vulnerable