WordPress plugin Premium Addons for KingComposer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress plugin Multimedia Playlist Slider Addon for WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-33164 · WordPress · Alvind Billplz Addon For Contact Form 7

Name of the Vulnerable Software and Affected Versions: Alvind Billplz Addon for Contact Form 7 versions through 1.2.0 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to Reflected Cross-site Scripting XSS. This allows for the executi...

WordPress Billplz Addon for Contact Form 7 Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Billplz Addon for Contact Form 7 versions = 1.2.0...

CVE-2025-8462 RT Easy Builder <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-8212

CVE-2025-8212 affects the WordPress plugin Medical Addon for Elementor. The issue is a Stored Cross-Site Scripting (XSS) in the Typewriter widget across all versions up to 1.6.3, caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authe...

CVE-2025-8212 Medical Addon for Elementor <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget

The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter widget in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8212 Medical Addon for Elementor <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget

The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Medical Addon for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2025-31727 · WordPress · Medical Addon For Elementor

Name of the Vulnerable Software and Affected Versions: Medical Addon for Elementor plugin for WordPress versions prior to 1.6.4 Description: The Medical Addon for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting via the Typewriter widget. Insufficient input sanitizatio...

WordPress Medical Addon for Elementor plugin <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Typewriter Widget vulnerability discovered by zer0gh0st in WordPress Plugin Medical Addon for Elementor versions = 1.6.3...

WordPress plugin HT Mega – Absolute Addons For Elementor 授权问题漏洞

WordPress HT Mega - Absolute Addons For Elementor plugin is an Elementor page builder plugin designed specifically for WordPress, offering over 100 custom widgets, 360+ preset modules, and multiple templates for blogs, sliders , collapsible menus and other page elements. A vulnerability exists in...

WordPress HTML5 Radio Player-WPBakery Page Builder Addon Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress HTML5 Radio Player-WPBakery Page Builder Addon, which stems from improperly restricted pathnames, and no detailed...

CVE-2025-31070

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbg-cleverbakery allows Path Traversal.This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through = 2.5...

WordPress plugin HTML5 Radio Player - WPBakery Page Builder Addon 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress HTML5 Radio Player-WPBakery Page Builder Addon, which stems from improperly restricted pathnames, and no detailed...

WordPress Contact Form 7 Database Addon plugin <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via tmpD Parameter vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Contact Form 7 Database Addon – CFDB7 versions = 1.3.1...

CVE-2025-6740

The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-6740

CVE-2025-6740 concerns the WordPress plugin Contact Form 7 Database Addon (CFDB7). It is documented as vulnerable to unauthenticated stored cross-site scripting via the tmpD parameter in all versions up to and including 1.3.1, due to insufficient input sanitization and output escaping. The vulner...

CVE-2025-6740 Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter

The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-6740 Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter

The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...