Ideabox Powerpack Addons For Elementor vulnerabilities
11 known vulnerabilities affecting ideabox/powerpack_addons_for_elementor.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 10
Vulnerabilities
CVE-2023-49739 | P2 | MEDIUM | CVSS 6.1 | Exploited | fixed in 2.9.24 | 2023-12-14
Vulnerability in IdeaBox Creations PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23.
nvd
CVE-2024-3668 | P3 | HIGH | CVSS 8.8 | CWE-732 | fixed in 2.10.18 | 2024-06-08
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to creat
nvd
CVE-2021-24263 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.3.2 | 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
nvd
CVE-2024-1055 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.7.15 | 2024-02-07
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with
nvd
CVE-2024-5787 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.7.21 | 2024-06-13
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att
nvd
CVE-2024-5327 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.7.20 | 2024-05-30
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘pp_animated_gradient_bg_color’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke
nvd
CVE-2024-1411 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.7.16 | 2024-02-29
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec
nvd
CVE-2024-2492 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.7.19 | 2024-04-09
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web sc
nvd
CVE-2024-2491 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.7.18 | 2024-03-30
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to in
nvd
CVE-2021-25027 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2.6.2 | 2022-01-03
The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
nvd
CVE-2023-6984 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | fixed in 2.7.14 | 2024-01-03
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthent
nvd