7272 matches found
CVE-2025-68494
The CVE-2025-68494 entry describes an information-disclosure vulnerability in the WordPress plugin “Premium Addons for Elementor” (Leap13 Premium Addons for Elementor) affecting versions up to and including 4.11.53. The flaw allows retrieval of embedded sensitive data via an exposure of sensitive...
CVE-2025-68494 WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through = 4.11.53...
CVE-2025-68494 WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through = 4.11.53...
CVE-2025-14635
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14163
The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insertinnertemplate' function. This makes it possible for unauthenticated attackers to create arbitrary...
PT-2025-53075
Name of the Vulnerable Software and Affected Versions Leap13 Premium Addons for Elementor versions through 4.11.53 Description A flaw exists in Leap13 Premium Addons for Elementor that could allow unauthorized retrieval of sensitive data. The issue involves the exposure of sensitive system...
PT-2025-53078
Name of the Vulnerable Software and Affected Versions bdthemes Prime Slider – Addons For Elementor versions through 4.0.10 Description A Server-Side Request Forgery SSRF issue exists in bdthemes Prime Slider – Addons For Elementor. This allows for Server Side Request Forgery. The issue is present...
WordPress plugin Premium Addons for Elementor 安全漏洞
WordPress Premium Addons for Elementor Plugin is a premium extension plugin developed for the Elementor page builder designed for WordPress websites. WordPress Premium Addons for Elementor Plugin suffers from an information disclosure vulnerability that stems from the exposure of sensitive system...
WordPress plugin ModelTheme Addons for WPBakery and Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress plugin Master Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
PT-2025-53096
Name of the Vulnerable Software and Affected Versions ModelTheme Addons for WPBakery and Elementor versions prior to 1.5.6 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Cross-site Scripting issue. This could...
CVE-2025-14635
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14635
CVE-2025-14635 concerns the Happy Addons for Elementor WordPress plugin. The connected Wordfence report explicitly ties this to an authenticated stored cross-site scripting (XSS) vulnerability via the ha_page_custom_js parameter, affecting version range up to and including 3.20.3. Root cause: ins...
CVE-2025-14635 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-204795
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14635 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hapagecustomjs' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14163
The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insertinnertemplate' function. This makes it possible for unauthenticated attackers to create arbitrary...
CVE-2025-14163
The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insertinnertemplate' function. This makes it possible for unauthenticated attackers to create arbitrary...
CVE-2025-14163
CVE-2025-14163 : The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation in insert_inner_template. This enables unauthenticated attackers to forge requests and cause creation of arbitrary Elementor templates, by tricking a ...
CVE-2025-14163 Premium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'
The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insertinnertemplate' function. This makes it possible for unauthenticated attackers to create arbitrary...