Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 9
Critical: 0
High: 0
Medium: 9
Showing 1-9 of 9 records
Threat Entry Updated 2025-03-20

CVE-2025-2108 - Free Plugin

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Site Title’ widget's 'title_tag' and 'html_tag' parameters in all versions up to, and including, 1.4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Free

CVE-2025-2108

MEDIUM CVSS 6.4 2025-03-20
Threat Entry Updated 2025-03-11

CVE-2024-13649 - Free Plugin

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.4.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Free

CVE-2024-13649

MEDIUM CVSS 6.4 2025-03-08
Threat Entry Updated 2025-03-06

CVE-2024-12584 - Free Plugin

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.

PLUGIN Free

CVE-2024-12584

MEDIUM CVSS 4.3 2025-01-08
Threat Entry Updated 2024-11-08

CVE-2024-10319 - Free Plugin

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

PLUGIN Free

CVE-2024-10319

MEDIUM CVSS 4.3 2024-11-05
Threat Entry Updated 2025-03-07

CVE-2024-7791 - Free Plugin

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Free

CVE-2024-7791

MEDIUM CVSS 6.4 2024-08-27
Threat Entry Updated 2024-11-21

CVE-2024-4440 - Free Plugin

The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Free

CVE-2024-4440

MEDIUM CVSS 6.4 2024-05-14
Threat Entry Updated 2024-11-21

CVE-2024-2250 - Free Plugin

The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Free

CVE-2024-2250

MEDIUM CVSS 6.4 2024-03-29
Threat Entry Updated 2024-11-21

CVE-2022-0633 - Free Plugin

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate that a user has the required privileges to access a backup's nonce identifier, which may allow any user with an account on the site (such as a subscriber) to download the most recent site & database backup.

PLUGIN Free

CVE-2022-0633

MEDIUM CVSS 6.5 2022-02-17
Threat Entry Updated 2024-11-21

CVE-2021-24365 - Free Plugin

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed individual columns to be configured for tables. Each column had a type. The type "Custom Field" allowed an arbitrary database column to be chosen for display in the table. No escaping was applied to the contents of "Custom Field" columns.

PLUGIN Free

CVE-2021-24365

MEDIUM CVSS 5.4 2021-07-12