← Back

Codeless

codeless

7 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Cowidgets Elementor Addons
cowidgets_elementor_addons
5 CVEs
Cowidgets Elementor
cowidgets_-_elementor
1 CVE
Cowidgets
cowidgets
1 CVE

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-53786
1Codeless
1Cowidgets Elementor Addons
Apr 23, 2026
Nov 30, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons cowidgets-elementor-addons allows Stored XSS.This issue affects Cowidgets – Elem...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons cowidgets-elementor-addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through <= 1.2.0.Show less
CVE-2024-8960
1Codeless
1Cowidgets Elementor Addons
Jan 29, 2025
Nov 9, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escapi...Show more
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.Show less
CVE-2024-10779
1Codeless
1Cowidgets Elementor Addons
Jan 29, 2025
Nov 9, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can...Show more
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.Show less
CVE-2024-37419
1Codeless
1Cowidgets
Nov 21, 2024
Jul 9, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal.This issue affects Cowidgets – Elementor Addons: from n/a throug...Show more
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.Show less
CVE-2024-5179
1Codeless
1Cowidgets Elementor Addons
Apr 8, 2026
Jun 6, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticate...Show more
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. CVE-2024-37419 is likely a duplicate of this issue.Show less
CVE-2024-35782
1Codeless
1Cowidgets Elementor
Nov 21, 2024
Jun 4, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n...Show more
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.Show less
CVE-2024-4697
1Codeless
1Cowidgets Elementor Addons
Apr 8, 2026
Jun 4, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and ou...Show more
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-35782 is likely a duplicate of this issue.Show less