CVE-2024-47268

Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

CVE-2024-47268

CVE-2024-47268 affects Synology Surveillance Station prior to 9.2.2-11575 and 9.2.2-9575, with a missing authorization vulnerability in the AddOns functionality. The issue allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors. The ...

WordPress plugin Ultimate Addons for WPBakery Page Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVE-2024-2385

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.4 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

EUVD-2025-24907

Malicious code in bioql PyPI...

EUVD-2024-46607

Malicious code in bioql PyPI...

PT-2025-26391 · Unknown · Anant Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Anant Addons for Elementor versions 1.2.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: F...

CVE-2024-43342

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4...

CVE-2024-2539

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget 'id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-1461

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-7247

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input...

CVE-2024-3639

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes like 'gridskin'. This makes it...

CVE-2024-5222

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...

CVE-2023-2189

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

CVE-2023-1807

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the togglewidget function. This makes it possible for unauthenticated attackers t...

CVE-2022-4784

The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-32196

CVE-2025-32196: News Kit Elementor Addons (News Kit Elementor Addons) vulnerable to Stored XSS due to insufficient input handling; authenticated users (Contributor+) can exploit it. Affected versions include up to 1.3.1; patch status is Unpatched per Wordfence/related sources in connected documen...

CVE-2025-32186 WordPress Turbo Addons for Elementor plugin <= 1.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Turbo Addons Turbo Addons Elementor turbo-addons-elementor allows DOM-Based XSS.This issue affects Turbo Addons Elementor: from n/a through = 1.7.7...

CVE-2025-31813 WordPress WPSHARE247 Elementor Addons plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Website366.com WPSHARE247 Elementor Addons allows Stored XSS. This issue affects WPSHARE247 Elementor Addons: from n/a through 2.1...

CVE-2025-27412

CVE-2025-27412 concerns the REDAXO PHP-based CMS. Versions 5.0.0 through 5.18.2 expose a reflected XSS vulnerability in the rex-api-result parameter on the AddOns page. The issue allows an attacker to inject malicious scripts via crafted input, potentially affecting affected administrator session...