Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
posimyth the plus addons for elementor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35709
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a up to and...
NA
CVE-2023-47178
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a up to and including 5.2.8...
NA
CVE-2024-34373
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a up to and includ...
8.8
CVSSv3
CVE-2021-4331
The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can ch...
Posimyth The Plus Addons For Elementor
6.5
CVSSv3
CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for...
Posimyth The Plus Addons For Elementor
7.5
CVSSv3
CVE-2021-24948
The Plus Addons for Elementor - Pro WordPress plugin prior to 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts
Posimyth The Plus Addons For Elementor
9.8
CVSSv3
CVE-2021-24949
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin prior to 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection
Posimyth The Plus Addons For Elementor
6.1
CVSSv3
CVE-2021-24358
The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
Posimyth The Plus Addons For Elementor
6.1
CVSSv3
CVE-2021-24351
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)
Posimyth The Plus Addons For Elementor
5.3
CVSSv3
CVE-2021-24359
The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an malicious user to send an arbitrary reset password email to a registered user on behalf of the WordPress...
Posimyth The Plus Addons For Elementor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »