Search
Find a vulnerability
Search criteria
4 vulnerabilities found for rife_elementor_extensions_\&_templates by apollo13themes
CVE-2024-5504 (GCVE-0-2024-5504)
Vulnerability from nvd – Published: 2024-07-02 07:37 – Updated: 2026-04-08 16:43
VLAI
Title
Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget
Summary
The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| apollo13themes | Rife Extensions & Templates for Elementor |
Affected:
0 , ≤ 1.2.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-06T03:06:13.291754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-06T03:06:23.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:05.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2bc0b654-5174-41bc-9e8a-40257ceb7ded?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/rife-elementor-extensions/trunk/includes/elementor/widgets/writing-effect-headline.php#L264"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3109903/#file1"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/rife-elementor-extensions/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rife Extensions \u0026 Templates for Elementor",
"vendor": "apollo13themes",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rife Elementor Extensions \u0026 Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027tag\u0027 attribute within the plugin\u0027s Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:43:43.573Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2bc0b654-5174-41bc-9e8a-40257ceb7ded?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rife-elementor-extensions/trunk/includes/elementor/widgets/writing-effect-headline.php#L264"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3109903/#file1"
},
{
"url": "https://wordpress.org/plugins/rife-elementor-extensions/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-01T19:26:57.000Z",
"value": "Disclosed"
}
],
"title": "Rife Elementor Extensions \u0026 Templates \u003c= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-5504",
"datePublished": "2024-07-02T07:37:03.053Z",
"dateReserved": "2024-05-29T21:17:02.171Z",
"dateUpdated": "2026-04-08T16:43:43.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-24265 (GCVE-0-2021-24265)
Vulnerability from nvd – Published: 2021-05-05 18:28 – Updated: 2024-08-03 19:28
VLAI
Title
Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS
Summary
The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/04/recent-pat… | x_refsource_MISC |
| https://wpscan.com/vulnerability/9f4771dc-80b5-49… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Rife Elementor Extensions & Templates |
Affected:
1.1.6 , < 1.1.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:22.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rife Elementor Extensions \u0026 Templates",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.6",
"status": "affected",
"version": "1.1.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u201cRife Elementor Extensions \u0026 Templates\u201d WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:28:47.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rife Elementor Extensions \u0026 Templates \u003c 1.1.6 - Contributor+ Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24265",
"STATE": "PUBLIC",
"TITLE": "Rife Elementor Extensions \u0026 Templates \u003c 1.1.6 - Contributor+ Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rife Elementor Extensions \u0026 Templates",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.6",
"version_value": "1.1.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cRife Elementor Extensions \u0026 Templates\u201d WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"name": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24265",
"datePublished": "2021-05-05T18:28:47.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:22.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5504 (GCVE-0-2024-5504)
Vulnerability from cvelistv5 – Published: 2024-07-02 07:37 – Updated: 2026-04-08 16:43
VLAI
Title
Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget
Summary
The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| apollo13themes | Rife Extensions & Templates for Elementor |
Affected:
0 , ≤ 1.2.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-06T03:06:13.291754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-06T03:06:23.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:05.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2bc0b654-5174-41bc-9e8a-40257ceb7ded?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/rife-elementor-extensions/trunk/includes/elementor/widgets/writing-effect-headline.php#L264"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3109903/#file1"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/rife-elementor-extensions/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rife Extensions \u0026 Templates for Elementor",
"vendor": "apollo13themes",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rife Elementor Extensions \u0026 Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027tag\u0027 attribute within the plugin\u0027s Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:43:43.573Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2bc0b654-5174-41bc-9e8a-40257ceb7ded?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/rife-elementor-extensions/trunk/includes/elementor/widgets/writing-effect-headline.php#L264"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3109903/#file1"
},
{
"url": "https://wordpress.org/plugins/rife-elementor-extensions/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-01T19:26:57.000Z",
"value": "Disclosed"
}
],
"title": "Rife Elementor Extensions \u0026 Templates \u003c= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-5504",
"datePublished": "2024-07-02T07:37:03.053Z",
"dateReserved": "2024-05-29T21:17:02.171Z",
"dateUpdated": "2026-04-08T16:43:43.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-24265 (GCVE-0-2021-24265)
Vulnerability from cvelistv5 – Published: 2021-05-05 18:28 – Updated: 2024-08-03 19:28
VLAI
Title
Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS
Summary
The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/04/recent-pat… | x_refsource_MISC |
| https://wpscan.com/vulnerability/9f4771dc-80b5-49… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Rife Elementor Extensions & Templates |
Affected:
1.1.6 , < 1.1.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:22.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rife Elementor Extensions \u0026 Templates",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.6",
"status": "affected",
"version": "1.1.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The \u201cRife Elementor Extensions \u0026 Templates\u201d WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-05T18:28:47.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rife Elementor Extensions \u0026 Templates \u003c 1.1.6 - Contributor+ Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24265",
"STATE": "PUBLIC",
"TITLE": "Rife Elementor Extensions \u0026 Templates \u003c 1.1.6 - Contributor+ Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rife Elementor Extensions \u0026 Templates",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.6",
"version_value": "1.1.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cRife Elementor Extensions \u0026 Templates\u201d WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"name": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24265",
"datePublished": "2021-05-05T18:28:47.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:22.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}