2201 matches found
Malicious code in postprocesstree-addon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5eab27dd46c3373a4894cc6c2fb16dc6ad78c99f19e516a3b2fa843e46adb766 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2400 Malicious code in postprocesstree-addon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5eab27dd46c3373a4894cc6c2fb16dc6ad78c99f19e516a3b2fa843e46adb766 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Elementor Pro Animation Addon 1.6 Missing Authorization
The Animation Addons for Elementor Pro plugin versions 1.6 and below on WordPress suffers from a missing capability check allowing for arbitrary plugin installation...
com.github.camel-tooling:camel-lsp-server (>=1.25.0 <=1.28.0), com.solace.connector.core.io:spring-cloud-stream-binder-camel (=1.0.0) +2123 more potentially affected by CVE-2025-27636 via org.apache.camel:camel-support (>=4.8.0 <=4.8.4)
org.apache.camel:camel-support MAVEN version =4.8.0, =1.25.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =0.0.1, =0.37.0, =0.38.0 and more Source cves: CVE-2025-27636 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-9376919...
CVE-2025-23600
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pinal.shah Send to a Friend Addon send-booking-invites-to-friends allows Reflected XSS.This issue affects Send to a Friend Addon: from n/a through = 1.4.1...
CVE-2025-23600 WordPress Send to a Friend Addon plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pinal.shah Send to a Friend Addon send-booking-invites-to-friends allows Reflected XSS.This issue affects Send to a Friend Addon: from n/a through = 1.4.1...
CVE-2025-23600
CVE-2025-23600 is a reflected XSS in the WordPress plugin “Send to a Friend Addon” (versions 1.4.1 and earlier). The root cause is improper neutralization of input during web page generation, allowing attacker-supplied input to be reflected in the page. Affected component: pinal.shah Send to a Fr...
CVE-2025-23600 WordPress Send to a Friend Addon plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pinal.shah Send to a Friend Addon allows Reflected XSS. This issue affects Send to a Friend Addon: from n/a through 1.4.1...
WordPress Pre Order Addon for WooCommerce plugin<= 1.0.7 - Reflected Cross-Site Scripting
Reflected Cross-Site Scripting vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin versions = 2.2...
CVE-2025-1571
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-13854
The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
CVE-2025-1039 Lenix Elementor Leads addon <= 1.8.2 - Unauthenticated Stored Cross-Site Scripting via URL Form Field
The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2024-13622
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the...
CVE-2024-13854
The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
CVE-2024-13854
CVE-2024-13854 affects Education Addon for Elementor (WordPress) up to version 1.3.1 and is caused by insecure direct object reference via the naedu_elementor_template shortcode due to missing validation on a user-controlled key. This allows authenticated attackers with Contributor+ privileges to...
CVE-2024-13854 Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode
The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
CVE-2024-13854 Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode
The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...
WordPress plugin Education Addon for Elementor 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...
WordPress Elementor Addon Elements Plugin < 1.12.12 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webtechstreet:elementoraddonelements"; ifdescription...
WordPress Education Addon for Elementor plugin <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode vulnerability
Authenticated Contributor+ Insecure Direct Object Reference via naeduelementortemplate Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Education Addon for Elementor versions = 1.3.1...