WordPress Premium Addons for Elementor plugin <= 4.11.63 - Settings Change vulnerability

Settings Change vulnerability discovered by Phat RiO in WordPress Plugin Premium Addons for Elementor versions = 4.11.63...

WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Arif Shaikh in WordPress Plugin Element Pack Elementor Addons versions = 8.3.13...

CVE-2026-1004

The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eaelproductquickviewpopup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for...

CVE-2026-1004

The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eaelproductquickviewpopup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for...

CVE-2026-1004

The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eaelproductquickviewpopup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for...

CVE-2026-1004 Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eaelproductquickviewpopup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for...

CVE-2026-1004

CVE-2026-1004 affects the Essential Addons for Elementor plugin for WordPress (versions up to and including 6.5.5). The flaw, via the eael_product_quickview_popup function, allows unauthenticated attackers to exfiltrate WooCommerce product information for items with draft, pending, or private sta...

CVE-2026-1004 Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eaelproductquickviewpopup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for...

PT-2026-3237

The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael product quickview popup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for...

WordPress plugin Essential Addons for Elementor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ZadWon in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin X Addons for Elementor versions = 1.0.23...

WordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Responsive Addons for Elementor versions = 2.0.8...

CVE-2026-22518

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2023-40679

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3...

CVE-2025-46434

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...

CVE-2024-34563

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoldAddons Gold Addons for Elementor allows Stored XSS.This issue affects Gold Addons for Elementor: from n/a through 1.2.9...

CVE-2024-34374

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0...

CVE-2024-34436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through 1.8...

CVE-2024-34562

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.0...