Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2195 matches found

Patchstack
Patchstackadded 2025/12/18 9:44 p.m.5 views

WordPress Prime Slider – Addons for Elementor plugin <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by Deadbee - NA in WordPress Plugin Prime Slider – Addons For Elementor versions = 4.0.9...

4.3CVSS6.8AI score0.00279EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2025/12/18 1:15 p.m.4 views

CVE-2025-14277

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the importelementortemplate AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make we...

4.3CVSS0.00279EPSS
Exploits0References2
Patchstack
Patchstackadded 2025/12/18 12:50 p.m.5 views

WordPress DesignThemes LMS Addon plugin <= 2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes LMS Addon versions = 2.6...

8.1CVSS7AI score0.00219EPSS
Exploits0Affected Software1
CVE
CVEadded 2025/12/18 12:22 p.m.6 views

CVE-2025-14277

Technical details about CVE-2025-14277 (SSRF in Prime Slider Addons for Elementor) are not publicly provided in the supplied documents; monitor for updates.

4.3CVSS5.4AI score0.00279EPSS
Exploits0References2
NVD
NVDadded 2025/12/18 8:16 a.m.1 views

CVE-2025-60081

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Contact Form 7 pdf-for-contact-form-7 allows Object Injection.This issue affects PDF for Contact Form 7: from n/a through = 6.5.0...

8.8CVSS0.00355EPSS
Exploits0References1
CNVD
CNVDadded 2025/12/18 12:0 a.m.1 views

WordPress Addon Elements for Elementor Cross-Site Scripting Vulnerability

WordPress Addon Elements for Elementor is a plugin for the Elementor page builder designed to extend its functionality by providing additional widgets, templates and tools. WordPress Addon Elements for Elementor suffers from a cross-site scripting vulnerability that stems from the program's...

6.4CVSS6.2AI score0.00221EPSS
Exploits0References1
Patchstack
Patchstackadded 2025/12/17 9:16 a.m.4 views

WordPress DesignThemes Portfolio Addon plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Portfolio Addon versions = 1.5...

6.1CVSS6.1AI score0.00156EPSS
Exploits0Affected Software1
NVD
NVDadded 2025/12/16 9:15 a.m.2 views

CVE-2025-67951

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...

6.5CVSS0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/12/16 8:12 a.m.2 views

CVE-2025-67951 WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...

6.5CVSS6AI score0.00156EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/12/16 8:12 a.m.26 views

CVE-2025-67951 WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...

6.5CVSS0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/12/16 12:0 a.m.3 views

PT-2025-51435

Name of the Vulnerable Software and Affected Versions WPZOOM Addons for Elementor versions through 1.2.10 Description The software contains a flaw related to improper input handling during web page creation, specifically a DOM-Based Cross-site Scripting issue. This allows for potential malicious...

6.5CVSS6.9AI score0.00156EPSS
Exploits0References3
Patchstack
Patchstackadded 2025/12/15 6:35 p.m.6 views

WordPress Addon Elements for Elementor plugin <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Elementor Addon Elements versions = 1.14.3...

6.4CVSS5.5AI score0.00221EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVEadded 2025/12/15 5:25 a.m.4 views

CVE-2025-12537

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

6.4CVSS5.1AI score0.00221EPSS
Exploits0References1
EUVD
EUVDadded 2025/12/14 6:30 a.m.2 views

EUVD-2025-203284

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

6.4CVSS4.7AI score0.00221EPSS
Exploits0References3
CVE
CVEadded 2025/12/14 5:21 a.m.16 views

CVE-2025-12537

The WordPress plugin Addon Elements for Elementor is affected by a Stored Cross-Site Scripting (XSS) vulnerability in versions up to 1.14.3 due to insufficient input filtering and output escaping across multiple widget parameters. An authenticated attacker with Contributor-level access or higher ...

6.4CVSS4.8AI score0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/12/14 5:21 a.m.3 views

CVE-2025-12537 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

6.4CVSS4.8AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/12/14 5:21 a.m.16 views

CVE-2025-12537 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

6.4CVSS0.00221EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/12/14 12:0 a.m.2 views

WordPress plugin Addon Elements for Elementor 跨站脚本漏洞

WordPress Addon Elements for Elementor is a plugin for the Elementor page builder designed to extend its functionality by providing additional widgets, templates and tools. WordPress Addon Elements for Elementor suffers from a cross-site scripting vulnerability that stems from the program's...

6.4CVSS6.3AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/12/14 12:0 a.m.3 views

PT-2025-51147

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

6.4CVSS5.1AI score0.00221EPSS
Exploits0References2
NVD
NVDadded 2025/12/12 7:15 a.m.4 views

CVE-2025-14356

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7getgeneratedpdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00337EPSS
Exploits0References6
Rows per page
Query Builder