Elementor Header \& Footer Builder
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-2618 | Med | 0.42 | 6.4 | 0.00 | May 24, 2024 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-4634 | Med | 0.42 | 6.4 | 0.00 | May 16, 2024 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-1237 | Med | 0.42 | 6.4 | 0.01 | Mar 13, 2024 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-5757 | Med | 0.35 | 6.4 | 0.00 | Jun 13, 2024 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This… | ||
| CVE-2024-2619 | Med | 0.33 | 5.0 | 0.00 | May 16, 2024 | The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and… | ||
| CVE-2024-10325 | 0.00 | — | 0.00 | Nov 8, 2024 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | |||
| CVE-2024-10050 | 0.00 | — | 0.00 | Oct 24, 2024 | The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view… | |||
| CVE-2021-24256 | 0.00 | — | 0.01 | May 5, 2021 | The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. |
- risk 0.42cvss 6.4epss 0.00
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.42cvss 6.4epss 0.00
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.42cvss 6.4epss 0.01
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This…
- risk 0.33cvss 5.0epss 0.00
The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and…
- CVE-2024-10325Nov 8, 2024risk 0.00cvss —epss 0.00
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- CVE-2024-10050Oct 24, 2024risk 0.00cvss —epss 0.00
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view…
- CVE-2021-24256May 5, 2021risk 0.00cvss —epss 0.01
The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.