Cowidgets Elementor Addons
by Codeless
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5179 | Hig | 0.57 | 8.8 | 0.01 | Jun 6, 2024 | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to… | ||
| CVE-2024-53786 | Med | 0.42 | 6.5 | 0.00 | Nov 30, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons cowidgets-elementor-addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through <= 1.2.0. | ||
| CVE-2024-4697 | Med | 0.42 | 6.4 | 0.00 | Jun 4, 2024 | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-8960 | 0.00 | — | 0.00 | Nov 9, 2024 | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… | |||
| CVE-2024-37419 | 0.00 | — | 0.01 | Jul 9, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1. | |||
| CVE-2024-35782 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1. |
- risk 0.57cvss 8.8epss 0.01
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons cowidgets-elementor-addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through <= 1.2.0.
- risk 0.42cvss 6.4epss 0.00
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for…
- CVE-2024-8960Nov 9, 2024risk 0.00cvss —epss 0.00
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
- CVE-2024-37419Jul 9, 2024risk 0.00cvss —epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.
- CVE-2024-35782Jun 4, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.