Shodan
Vulnerabilities
Vulnerable Software
Wpthemespace:  >> Magical Addons For Elementor  >> 1.1.39  Security Vulnerabilities
CVE-2024-54212
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-12-06
CVE-2024-10352
The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the get_content_type function in includes/widgets/content-reveal.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-11-09
CVE-2024-51665
Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through 1.2.1.
CVSS Score
4.9
EPSS Score
0.246
Published
2024-11-04
CVE-2024-38730
Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-07-22
CVE-2024-38681
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-20
CVE-2024-5161
The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.002
Published
2024-06-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved