Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for PowerPack Addons for Elementor by Unknown
CVE-2021-25027 (GCVE-0-2021-25027)
Vulnerability from cvelistv5 – Published: 2022-01-03 12:49 – Updated: 2024-08-03 19:49
VLAI
Title
PowerPack Addons for Elementor < 2.6.2 - Reflected Cross-Site Scripting
Summary
The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/48612c44-151d-44… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2638073 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | PowerPack Addons for Elementor |
Affected:
2.6.2 , < 2.6.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/48612c44-151d-4438-b91c-c27e96174270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2638073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPack Addons for Elementor",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T12:49:16.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/48612c44-151d-4438-b91c-c27e96174270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2638073"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPack Addons for Elementor \u003c 2.6.2 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25027",
"STATE": "PUBLIC",
"TITLE": "PowerPack Addons for Elementor \u003c 2.6.2 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPack Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/48612c44-151d-4438-b91c-c27e96174270",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/48612c44-151d-4438-b91c-c27e96174270"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2638073",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2638073"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25027",
"datePublished": "2022-01-03T12:49:16.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24263 (GCVE-0-2021-24263)
Vulnerability from cvelistv5 – Published: 2021-05-05 18:28 – Updated: 2024-08-03 19:28
VLAI
Title
PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS
Summary
The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/04/recent-pat… | x_refsource_MISC |
| https://wpscan.com/vulnerability/48876006-b00f-49… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | PowerPack Addons for Elementor |
Affected:
2.3.2 , < 2.3.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:22.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPack Addons for Elementor",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.3.2",
"status": "affected",
"version": "2.3.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u201cElementor Addons \u2013 PowerPack Addons for Elementor\u201d WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:28:46.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PowerPack Addons for Elementor \u003c 2.3.2 - Contributor+ Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24263",
"STATE": "PUBLIC",
"TITLE": "PowerPack Addons for Elementor \u003c 2.3.2 - Contributor+ Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPack Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.3.2",
"version_value": "2.3.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cElementor Addons \u2013 PowerPack Addons for Elementor\u201d WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"name": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24263",
"datePublished": "2021-05-05T18:28:46.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:22.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25027 (GCVE-0-2021-25027)
Vulnerability from nvd – Published: 2022-01-03 12:49 – Updated: 2024-08-03 19:49
VLAI
Title
PowerPack Addons for Elementor < 2.6.2 - Reflected Cross-Site Scripting
Summary
The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/48612c44-151d-44… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2638073 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | PowerPack Addons for Elementor |
Affected:
2.6.2 , < 2.6.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/48612c44-151d-4438-b91c-c27e96174270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2638073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPack Addons for Elementor",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T12:49:16.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/48612c44-151d-4438-b91c-c27e96174270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2638073"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPack Addons for Elementor \u003c 2.6.2 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25027",
"STATE": "PUBLIC",
"TITLE": "PowerPack Addons for Elementor \u003c 2.6.2 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPack Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/48612c44-151d-4438-b91c-c27e96174270",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/48612c44-151d-4438-b91c-c27e96174270"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2638073",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2638073"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25027",
"datePublished": "2022-01-03T12:49:16.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24263 (GCVE-0-2021-24263)
Vulnerability from nvd – Published: 2021-05-05 18:28 – Updated: 2024-08-03 19:28
VLAI
Title
PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS
Summary
The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/04/recent-pat… | x_refsource_MISC |
| https://wpscan.com/vulnerability/48876006-b00f-49… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | PowerPack Addons for Elementor |
Affected:
2.3.2 , < 2.3.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:22.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPack Addons for Elementor",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.3.2",
"status": "affected",
"version": "2.3.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u201cElementor Addons \u2013 PowerPack Addons for Elementor\u201d WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:28:46.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PowerPack Addons for Elementor \u003c 2.3.2 - Contributor+ Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24263",
"STATE": "PUBLIC",
"TITLE": "PowerPack Addons for Elementor \u003c 2.3.2 - Contributor+ Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPack Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.3.2",
"version_value": "2.3.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cElementor Addons \u2013 PowerPack Addons for Elementor\u201d WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"name": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24263",
"datePublished": "2021-05-05T18:28:46.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:22.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}