2195 matches found
Missing Authorization
Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Missing Authorization in the AddonViewSet API, which allows unauthorized users to access add-on configuration data. An attacker can obtain...
GHSA-WPPC-7CQ7-CGFV Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
Impact Users were able to obtain add-on configuration via API. Patches https://github.com/WeblateOrg/weblate/pull/18107 https://github.com/WeblateOrg/weblate/pull/18164 References Weblate thanks @lighthousekeeper1212 for responsible disclosure...
EUVD-2026-8844
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131 WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131 WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131
The CVE-2026-28131 entry concerns the WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder, affecting versions from unspecified to 1.14.4. The issue is described as an exposure where sensitive information can be inserted into sent data, allowing retrieval of embedded sensiti...
WordPress plugin Elementor Addon Elements 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
Weblate 安全漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.16.1 contained a security vulnerability. This vulnerability stemmed from the AddonViewSet of the REST API not limiting results based on user permissions, which could all...
PT-2026-22133
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
PT-2026-22201
Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.16.1 Description Weblate’s REST API AddonViewSet in weblate/api/views.py line 2831 did not properly restrict access to addon information based on user permissions. Specifically, the queryset = Addon.objects.all...
WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions = 1.0.3...
WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Bakery Autoresponder Addon versions = 1.0.6...
WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Bakery Autoresponder Addon versions = 1.0.6...
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.7 - Unauthenticated Email Relay vulnerability
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 6.4.7 - Unauthenticated Email Relay vulnerability discovered by jtwings - Puramu in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.7...
CVE-2026-2385
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting...
WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Directory Addon versions = 1.8...
WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions = 1.0.1...
WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions = 1.0.1...