CVE-2025-10173

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the postsave function in all versions up to, and including, 4.8.3. This makes it possible for authenticated...

CVE-2025-10173

Technical details about CVE-2025-10173 (ShopEngine Elementor WooCommerce Builder Addon) are not provided in the connected documents. Monitor for updates from vendors/security advisories.

CVE-2025-10173 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the postsave function in all versions up to, and including, 4.8.3. This makes it possible for authenticated...

CVE-2025-8200 Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress plugin Mega Elements – Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-39479

Name of the Vulnerable Software and Affected Versions Mega Elements – Addons for Elementor plugin for WordPress versions up to and including 1.3.2 Description The software contains a Stored Cross-Site Scripting issue within the Countdown Timer widget. Insufficient input sanitization and output...

CVE-2025-57939

Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon image-hover-effects-addon-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Hover Effects – Elementor Addon: from n/a through = 1.4.4...

WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability

Deserialization of untrusted data Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin TF Woo Product Grid Addon For Elementor versions = 1.0.1...

CVE-2025-57939

Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon image-hover-effects-addon-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Hover Effects – Elementor Addon: from n/a through = 1.4.4...

WordPress Image Hover Effects – Elementor Addon Plugin <= 1.4.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin Image Hover Effects – Elementor Addon versions = 1.4.4...

CVE-2025-53463 WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...

CVE-2025-57939

CVE-2025-57939 corresponds to a Missing Authorization vulnerability in the Image Hover Effects – Elementor Addon. According to the provided data, the issue affects Image Hover Effects – Elementor Addon version up to and including 1.4.4, and the patch status is Unpatched. The Connected Wordfence v...

CVE-2025-57939 WordPress Image Hover Effects – Elementor Addon Plugin <= 1.4.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4.4...

CVE-2025-57939 WordPress Image Hover Effects – Elementor Addon Plugin <= 1.4.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon image-hover-effects-addon-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Hover Effects – Elementor Addon: from n/a through = 1.4.4...

WordPress plugin Image Hover Effects – Elementor Addon 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

PT-2025-38789

Name of the Vulnerable Software and Affected Versions Blocksera Image Hover Effects – Elementor Addon versions through 1.4.4 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. Recommendations At the moment, there is no...

CVE-2025-47906 vulnerabilities

Vulnerabilities for packages: lvm-driver, vexctl, shfmt, grafana-operator, mongodb-kubernetes-operator, local-path-provisioner, sftpgo-plugin-geoipfilter, octo-sts, addon-resizer, terraform-provider-time, nats, newrelic-nri-statsd, vault-benchmark, gitsign, gostatsd, ctop,...

GHSA-GWRF-JF3H-W649 vulnerabilities

Vulnerabilities for packages: lvm-driver, vexctl, shfmt, grafana-operator, mongodb-kubernetes-operator, local-path-provisioner, sftpgo-plugin-geoipfilter, octo-sts, addon-resizer, terraform-provider-time, nats, newrelic-nri-statsd, vault-benchmark, gitsign, gostatsd, ctop,...

Built-in Runtime Security for Containers

Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...

CVE-2025-8149

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...