Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
posimyth the plus addons for elementor vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-4331
The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can ch...
Posimyth The Plus Addons For Elementor
NA
CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for...
Posimyth The Plus Addons For Elementor
445
VMScore
CVE-2021-24948
The Plus Addons for Elementor - Pro WordPress plugin prior to 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts
Posimyth The Plus Addons For Elementor
668
VMScore
CVE-2021-24949
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin prior to 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection
Posimyth The Plus Addons For Elementor
668
VMScore
CVE-2021-24175
The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as creat...
Posimyth The Plus Addons For Elementor
383
VMScore
CVE-2021-24351
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)
Posimyth The Plus Addons For Elementor
516
VMScore
CVE-2021-24358
The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
Posimyth The Plus Addons For Elementor
446
VMScore
CVE-2021-24359
The Plus Addons for Elementor Page Builder WordPress plugin prior to 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an malicious user to send an arbitrary reset password email to a registered user on behalf of the WordPress...
Posimyth The Plus Addons For Elementor
NA
CVE-2023-47178
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a up to and including 5.2.8...
NA
CVE-2024-34373
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a up to and includ...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started