24 matches found
Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. id: CVE-2020-13125 info...
CVE-2026-13125
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-13125
creationtimestamp| type| source ---|---|--- 2026-07-01 16:00:06+00:00| seen| https://infosec.place/objects/dd35b5aa-82ba-4b82-8fbd-5cb1cd216bd5 2026-07-02 03:50:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpn4vo25an2p 2026-07-02 06:36:53+00:00| seen|...
CVE-2020-13125
creationtimestamp| type| source ---|---|--- 2025-12-27 17:51:28+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-13125.yaml 2025-12-30 21:02:58+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mbaarl4edw2b 2026-06-19...
CVE-2025-13125
creationtimestamp| type| source ---|---|--- 2025-12-10 15:10:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7ndrppizc2x...
CVE-2019-13125
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...
CVE-2024-13125
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13125
creationtimestamp| type| source ---|---|--- 2025-02-13 06:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzzyt6lmq2a 2025-02-13 06:25:18+00:00| seen| https://infosec.exchange/users/cve/statuses/113995148034307983 2025-02-13 07:08:13+00:00| seen|...
CVE-2024-13125
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13125
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13125 Everest Forms < 3.0.8.1 - Admin+ Stored XSS
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13125 Everest Forms < 3.0.8.1 - Admin+ Stored XSS
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...
CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...
Remote code execution
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is...
CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...
CVE-2020-13125
The CVE-2020-13125 entry concerns the Ultimate Addons for Elementor WordPress plugin (
CVE-2020-13126
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is...
CVE-2019-13125
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...
CVE-2019-13125
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...