7149 matches found
Premium Addons for Elementor - Unauthenticated Information Disclosure
Premium Addons for Elementor plugin for WordPress version 4.11.53 and below contains an unauthenticated information disclosure vulnerability.The vulnerability exists due to a missing authorization check in the gettemplatecontent AJAX handler, allowing unauthenticated attackers to retrieve private...
Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-24358 info: name: Plus Addons for Elementor Page Builder 4.1.10 - Open Redirect...
WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting
WordPress The Plus Addons for Elementor plugin before 4.1.12 is susceptible to cross-site scripting. The plugin does not properly sanitize some of its fields in the heplusmorepost AJAX action, which is exploitable by both unauthenticated and authenticated users. An attacker can inject arbitrary...
ShortCode Addons - Unauthenticated Options Update
WordPress plugin Shortcode Addons = 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication. id: CVE-2022-34487 info: name: ShortCode Addons - Unauthenticated Options Update author:...
Security Bulletin: IBM Engineering Systems Design Rhapsody TestConductor was affected by CVE-2012-5783, CVE-2012-6153
Summary IBM Engineering Systems Design Rhapsody TestConductor was vulnerable to man-in-the-middle attacks caused by not verifying that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attacker...
The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...
CVE-2026-9243
The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...
CVE-2026-9243 The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter
The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...
CVE-2026-9243
The Plus Addons for Elementor WordPress plugin contains a Stored Cross-Site Scripting (XSS) flaw in the Carousel Anything widget’s carousel_direction parameter, up to version 6.4.15. The root cause is insufficient output escaping in render(), placing the value into an unquoted dir= attribute, ena...
CVE-2026-9243
The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...
CVE-2026-9243 The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter
The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...
WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload
Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version...
PT-2026-44759
The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel direction' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the carousel...
WordPress plugin Plus Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.15...
CVE-2026-49053
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
EUVD-2026-32545
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2026-49053
CVE-2026-49053 applies to the WordPress plugin ElementsKit Elementor addons Lite (versions
CVE-2026-49053 WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...
CVE-2026-49053 WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...