VYPR

Cowidgets

by WordPress

CVEs (3)

  • CVE-2024-5179HigJun 6, 2024
    risk 0.57cvss 8.8epss 0.01

    The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to…

  • CVE-2024-4697MedJun 4, 2024
    risk 0.42cvss 6.4epss 0.00

    The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-10779Nov 9, 2024
    risk 0.00cvss epss 0.00

    The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated…