Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-01-08
CVE-2024-2650 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-2650
Risk Score
Threat Entry
Updated 2025-01-08
CVE-2024-2623 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-2623
Risk Score
Threat Entry
Updated 2025-01-08
CVE-2024-1536 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-1536
Risk Score
Threat Entry
Updated 2025-01-08
CVE-2024-1537 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-1537
Risk Score
Threat Entry
Updated 2025-01-08
CVE-2024-1276 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-1276
Risk Score
Threat Entry
Updated 2025-01-08
CVE-2024-1236 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-1236
Risk Score
Threat Entry
Updated 2025-01-08
CVE-2024-1172 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-1172
Risk Score
Threat Entry
Updated 2025-01-08
CVE-2024-1171 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-1171
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0954 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-0954
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0586 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-0586
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-0585 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2024-0585
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-7044 - Woocommerce Builders Plugin
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce Builders
CVE-2023-7044
Risk Score