WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ModelTheme Addons for WPBakery and Elementor versions 1.5.6...

CVE-2025-13977 Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitization and output escaping in the Event...

CVE-2025-13977 Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitization and output escaping in the Event...

EUVD-2025-203868

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitization and output escaping in the Event...

CVE-2025-13977

The CVE-2025-13977 entry concerns the WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets. It is vulnerable to Stored Cross-Site Scripting in all versions up to 6.5.3, due to insufficient input sanitization and output escaping in the Event Calendar widget’s cus...

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-51804

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitization and output escaping in the Event...

WordPress Essential Addons for Elementor plugin <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 6.5.3...

CVE-2025-14722

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

EUVD-2025-203563

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...

CVE-2025-67951 WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...

CVE-2025-67951

CVE-2025-67951 describes a DOM-Based Cross-Site Scripting (XSS) vulnerability in the WPZOOM Addons for Elementor plugin (WPZOOM Addons for Elementor – Starter Templates & Widgets) for WordPress. Affected versions are

CVE-2025-11363

The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpraddonsuploadfile action...

WordPress plugin WPZOOM Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-51435

Name of the Vulnerable Software and Affected Versions WPZOOM Addons for Elementor versions through 1.2.10 Description The software contains a flaw related to improper input handling during web page creation, specifically a DOM-Based Cross-site Scripting issue. This allows for potential malicious...

CVE-2025-14722

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

CVE-2025-14722

CVE-2025-14722 affects vion707 DMadmin (Backend) with a Cross-Site Scripting vulnerability in the Add function of Admin/Controller/AddonsController.class.php. A remote attacker can manipulate input to trigger XSS; exploits have been publicly disclosed. Affected versions are prior to 3403cafdb4253...

WordPress Animation Addons for Elementor plugin <= 2.4.5 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin Animation Addons for Elementor versions = 2.4.5...

EUVD-2025-203337

The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpraddonsuploadfile action...

CVE-2025-11363

The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpraddonsuploadfile action...