Vulnerabilidades em roxnor
76 resultadosCVE-2025-10862HIGHPopup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id'EPSS 0.4%CVE-2024-37255MEDIUMWordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-1238MEDIUMElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2025-10861HIGHPopup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request ForgeryEPSS 0.4%CVE-2025-14314HIGHWordPress PopupKit plugin <= 2.1.5 - SQL Injection vulnerabilityEPSS 0.3%CVE-2024-2803MEDIUMElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown WidgetEPSS 0.3%CVE-2025-60106MEDIUMWordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%CVE-2025-1005MEDIUMElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion WidgetEPSS 0.3%CVE-2025-13620MEDIUMWp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter TamperingEPSS 0.3%CVE-2024-2791MEDIUMMetform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via WidgetsEPSS 0.3%CVE-2024-10091MEDIUMElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison WidgetEPSS 0.3%CVE-2026-2600MEDIUMElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab WidgetEPSS 0.3%CVE-2024-32505MEDIUMWordPress ElementsKit Elementor addons plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-14895MEDIUMPopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data DeletionEPSS 0.3%CVE-2026-2879MEDIUMGetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/DeletionEPSS 0.3%CVE-2025-14059MEDIUMEmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path TraversalEPSS 0.2%CVE-2025-3614MEDIUMElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom WidgetEPSS 0.2%CVE-2026-1925MEDIUMEmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title ModificationEPSS 0.2%CVE-2026-24356MEDIUMWordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-63057MEDIUMWordPress Wp Ultimate Review plugin <= 2.3.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%