VYPR

Elementor Header \& Footer Builder

by WordPress

CVEs (4)

  • CVE-2024-1237MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.01

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-5757MedJun 13, 2024
    risk 0.35cvss 6.4epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-10325Nov 8, 2024
    risk 0.00cvss epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-10050Oct 24, 2024
    risk 0.00cvss epss 0.00

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view…