La-Studioweb La-Studio Element Kit For Elementor vulnerabilities
2 known vulnerabilities affecting la-studioweb/la-studio_element_kit_for_elementor.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-2249P4MEDIUMCVSS 5.4fixed in 1.3.7.52024-03-14
CVE-2024-2249 [MEDIUM] CWE-79 CVE-2024-2249: The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scri
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with con
nvd
CVE-2024-10787P4MEDIUMCVSS 4.3fixed in 1.4.52024-12-04
CVE-2024-10787 [MEDIUM] CWE-639 CVE-2024-10787: The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure i
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract
nvd