Wpmet Elementskit
9 CVEs affecting Wpmet Elementskit. Latest disclosed: 2025-01-28. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-3500 | High | 8.8 | 2024-05-02 | The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Adv… |
CVE-2024-4404 | High | 8.5 | 2024-06-14 | The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. Th… |
CVE-2024-43996 | Medium | 6.5 | 2024-09-23 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.Thi… |
CVE-2025-0321 | Medium | 6.4 | 2025-01-28 | The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3… |
CVE-2024-7064 | Medium | 6.4 | 2024-08-15 | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to… |
CVE-2024-5263 | Medium | 6.4 | 2024-06-15 | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and… |
CVE-2024-4452 | Medium | 6.4 | 2024-05-21 | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to in… |
CVE-2024-3598 | Medium | 6.4 | 2024-04-19 | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and includ… |
CVE-2024-7063 | Medium | 4.3 | 2024-08-15 | The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' funct… |