- Published on
-
Mar 20, 2024
- Research Description
-
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
Min -, max 1.5.
| Previous vulnerability researches |
|
WPBITS Addons For Elementor Page Builder
(CVE-2024-4862)
, Jul 10, 2024
|
|
WPBITS Addons For Elementor Page Builder
(CVE-2024-8962)
, Dec 06, 2024
|
|
WPBITS Addons For Elementor Page Builder
(CVE-2024-37945)
, Jul 14, 2024
|
|
WPBITS Addons For Elementor Page Builder
(CVE-2024-2129)
, Jun 06, 2024
|
|
WPBITS Addons For Elementor Page Builder
(CVE-2024-32593)
, Jun 06, 2024
|
| New vulnerability |
|
Zephyr Admin Theme
(CVE-2025-22814)
, Jan 10, 2025
|
|
Responsive Flickr Slideshow
(CVE-2025-22807)
, Jan 10, 2025
|
|
Action Network
(CVE-2024-12394)
, Jan 10, 2025
|
|
SimplyRETS Real Estate IDX
(CVE-2024-12491)
, Jan 10, 2025
|
|
SKT Page Builder
(CVE-2024-12848)
, Jan 10, 2025
|