Vulnerabilities and security researches forstratum stratum

Jun 07, 2024

CVE, Research URL: CVE-2024-29914
Home page URL: Security reports for Stratum – Elementor Widgets
Application: Stratum – Elementor Widgets
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MotoPress Stratum allows Stored XSS.This issue affects Stratum: from n/a through 1.3.15.
Affected versions: Min -, max -.
Status: vulnerable

Jun 17, 2024

CVE, Research URL: CVE-2024-5611
Home page URL: Security reports for Stratum – Elementor Widgets
Application: Stratum – Elementor Widgets
Date: Jun 15, 2024
Research Description: The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Nov 21, 2024

CVE, Research URL: CVE-2024-10316
Home page URL: Security reports for Stratum – Elementor Widgets
Application: Stratum – Elementor Widgets
Date: Nov 21, 2024
Research Description: The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Affected versions: Min -, max -.
Status: vulnerable

Feb 01, 2025

CVE, Research URL: CVE-2024-13642
Home page URL: Security reports for Stratum – Elementor Widgets
Application: Stratum – Elementor Widgets
Date: Jan 30, 2025
Research Description: The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Aug 02, 2025

CVE, Research URL: CVE-2025-7845
Home page URL: Security reports for Stratum – Elementor Widgets
Application: Stratum – Elementor Widgets
Date: Aug 01, 2025
Research Description: The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable