VYPR

Elementor Header & Footer Builder

by Brainstormforce

CVEs (8)

  • CVE-2024-2618 | Med | May 24, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-4634 | Med | May 16, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-1237 | Med | Mar 13, 2024
    risk 0.42 | cvss 6.4 | epss 0.01

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-5757 | Med | Jun 13, 2024
    risk 0.35 | cvss 6.4 | epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-2619 | Med | May 16, 2024
    risk 0.33 | cvss 5.0 | epss 0.00

    The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and…

  • CVE-2024-10325 | Nov 8, 2024
    risk 0.00 | cvss n/a | epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-10050 | Oct 24, 2024
    risk 0.00 | cvss n/a | epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view…

  • CVE-2021-24256 | May 5, 2021
    risk 0.00 | cvss n/a | epss 0.01

    The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.