WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions = 1.0.3...

EUVD-2025-206068

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer...

CVE-2025-30628

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer...

CVE-2025-30628 WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) plugin <= 1.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer...

CVE-2025-30628 WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) plugin <= 1.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer azon-addon-js-composer allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder...

CVE-2025-30628

CVE-2025-30628 affects the AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer). The issue is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting plugin versions up to and including 1.2. The CVSS v3.1 base score is 8.5 ...

CVE-2025-63053

Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

CVE-2025-63053 WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4...

CVE-2025-68982

Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through = 2.6...

CVE-2025-68977

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through = 1.5...

CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

CVE-2023-41656

Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7...

WordPress Anber Elementor Addon plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Banner button link vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Anber Elementor Addon versions = 1.0.1...

WordPress Essential Addons for Elementor plugin <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Event Calendar Widget vulnerability discovered by zer0gh0st in WordPress Plugin Essential Addons for Elementor versions = 6.1.12...

PT-2025-54392

Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through 1.8.6...

PT-2025-54445

Name of the Vulnerable Software and Affected Versions AA-Team Amazon Affiliates Addon for WPBakery Page Builder versions n/a through 1.2 Description An issue exists in AA-Team Amazon Affiliates Addon for WPBakery Page Builder formerly Visual Composer that allows for SQL Injection. This occurs due...

WordPress plugin Azon Addon Js Composer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...

WordPress Youzify plugin <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Options Update saveaddonkeylicense vulnerability discovered by Stiofan - AyeCode Ltd in WordPress Plugin Youzify versions = 1.3.3...

EUVD-2025-205753

Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through = 2.6...

EUVD-2025-205758

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through = 1.5...