CVE-2026-21857 Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

EUVD-2026-0817

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVE-2026-21857 Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVE-2026-21857 Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVE-2025-12067

The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-2092

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2348

The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level acce...

CVE-2024-2792

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVE-2024-2091

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2026-2105

Name of the Vulnerable Software and Affected Versions REDAXO versions prior to 5.20.2 Description REDAXO is a PHP-based content management system. Authenticated users with backup permissions can read arbitrary files within the webroot due to a path traversal issue in the Backup addon’s file expor...

CVE-2025-30631 Reflected Cross Site Scripting (XSS) vulnerability in AA-Team WordPress plugins

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer allows Reflected XSS.This issue affects Woocommerce Sales Funnel Builder...

CVE-2025-30631 WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer azon-addon-js-composer allows Reflected XSS.This issue affects Amazon Affiliates Addon for WPBakery Page Builder...

CVE-2025-30631

CVE-2025-30631 is a Reflected XSS in AA-Team Woocommerce Sales Funnel Builder and AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer). Affected: Woocommerce Sales Funnel Builder up to version 1.1; Amazon Affiliates Addon for WPBakery Page Builder up to 1.2. Root c...

CVE-2025-69363

Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through = 2.0.8...

CVE-2025-69348

Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar Countdown Addon: from n/a through = 1.4.15...

CVE-2025-69341

Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through = 1.0.3...

WordPress The Events Calendar Countdown Addon plugin <= 1.4.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin The Events Calendar Countdown Addon versions = 1.4.15...

CVE-2025-69363

CVE-2025-69363 : Missing Authorization / broken access control in CyberChimps Responsive Addons for Elementor (responsive-addons-for-elementor

CVE-2025-69356

CVE-2025-69356 refers to an authenticated Local File Inclusion in TheGem Theme Elements (for Elementor) from the TheGem Theme Elements family. The issue arises from Improper Control of Filename for Include/Require Statements in PHP, affecting TheGem Theme Elements (for Elementor) up to version 5....

CVE-2025-69348 WordPress The Events Calendar Countdown Addon plugin <= 1.4.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar Countdown Addon: from n/a through = 1.4.15...