CVE-2026-24985

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

EUVD-2026-5241

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.17...

WordPress plugin WP Forms Signature Contract Add-On 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

WordPress Elementor Addon Elements plugin <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Thumbnail Slider Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.12.12...

WordPress Elementor Addon Elements plugin <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Dual Button Widget vulnerability discovered by RandomRoot in WordPress Plugin Elementor Addon Elements versions = 1.12.12...

WordPress Elementor Addon Elements plugin <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.2...

WordPress Elementor Addon Elements plugin <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.3...

WordPress Essential Addons for Elementor plugin <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Essential Addons for Elementor versions = 5.9.11...

WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via URLs vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via URLs vulnerability discovered by Ankit Patel in WordPress Plugin themesflat-addons-for-elementor versions = 2.1.2...

WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.5...

WordPress Elementor Addons by Livemesh plugin <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Grid vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.7...

WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id and eaeslideranimation Parameters vulnerability discovered by stealthcopter in WordPress Plugin Elementor Addon Elements versions = 1.13.5...

WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via TP Page Scroll Widget vulnerability discovered by stealthcopter in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.6.2...

WordPress Elementor Addon Elements plugin <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Elementor Addon Elements versions = 1.13.6...

WordPress PDF Generator Addon for Elementor Page Builder plugin <= 2.0.0 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by stealthcopter in WordPress Plugin PDF Generator Addon for Elementor Page Builder versions = 2.0.0...

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

EUVD-2026-4920

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

CVE-2025-9082

The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping when dynamic content is enabled. This makes it possible for authenticat...

WordPress Plugin WPBITS Addons for Elementor: Cross-site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...