19 matches found
CVE-2025-8609
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-8609 RTMKit Addons <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-8609 RTMKit Addons <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
EUVD-2025-197939
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-8609
CVE-2025-8609 (RTMKit Addons for Elementor, WordPress) Stored XSS via the Accordion Block attributes in RTMKit Addons for Elementor. Root cause: insufficient input sanitization and output escaping of user-supplied attributes. Affected versions: up to 1.6.1 (WordPress plugin). Exploitation require...
PT-2025-47271
Name of the Vulnerable Software and Affected Versions RTMKit Addons for Elementor plugin for WordPress versions up to and including 1.6.1 Description The RTMKit Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs through insufficient input...
EUVD-2024-48484
Malicious code in bioql PyPI...
CVE-2025-2543 Advanced Accordion Gutenberg Block <= 5.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
WordPress plugin Advanced Accordion Gutenberg Block 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
CVE-2025-2965
A vulnerability has been found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this vulnerability is the function Save of the component Accordion Block Handler. The manipulation of the argument Title/Body Source leads to cross site scripting. The attack can be launched...
CVE-2025-2965
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-2965
...
CVE-2025-2965
CVE-2025-2965 has conflicting statuses across sources. Red Hat reports a ConcreteCMS remote‑exploitable cross‑site scripting flaw in the Save function of the Accordion Block Handler affecting up to version 9.3.9, with no fixed version and no remediation version published. CNNVD also indicates the...
CVE-2025-2965
...
PT-2024-34805 · WordPress · Zakaria Binsaifullah Easy Accordion Gutenberg Block
Name of the Vulnerable Software and Affected Versions: Zakaria Binsaifullah Easy Accordion Gutenberg Block versions 1.2.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels...
CVE-2024-7588 Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-7588 Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress ComboBlocks plugin <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Accordion Block vulnerability discovered by lowol in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.87...
PT-2024-38435 · WordPress · Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress versions up to, and including, 2.2.87 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Accordion block due to insufficient input sanitizati...