7272 matches found
CVE-2025-11363
The CVE-2025-11363 entry concerns the WordPress plugin Royal Addons for Elementor (Royal Elementor Addons and Templates). Multiple connected sources confirm a vulnerability where the plugin versions up to 1.7.1036 lack proper authorization, allowing unauthenticated users to upload media files via...
CVE-2025-11363 Royal Elementor Addons and Templates < 1.7.1037 - Unauthenticated Media File Upload
The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpraddonsuploadfile action...
DMadmin Code Injection Vulnerability
DMadmin is an open-source basic interface framework from vion707 (China). A code injection vulnerability exists in DMadmin; it stems from a cross-site scripting vulnerability in the Add function of the file Admin/Controller/AddonsController.class.php and can be exploited remotely...
PT-2025-51197
The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpr addons upload file action...
PT-2025-51312
Name of the Vulnerable Software and Affected Versions: vion707 DMadmin versions prior to 3403cafdb42537a648c30bf8cbc8148ec60437d1. Description: A cross-site scripting issue exists in vion707 DMadmin. The issue is located in the Add function of the Admin/Controller/AddonsController.class.php file...
WordPress plugin Royal Addons for Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
CVE-2025-8687
The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-7960
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to, and including, 51.1.39 due to insufficient input sanitization and output escaping on user supplie...
EUVD-2025-203245
The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-203249
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to, and including, 51.1.39 due to insufficient input sanitization and output escaping on user supplie...
EUVD-2025-203224
The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...
CVE-2025-8779
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-14475
The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...
WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by NumeX in WordPress Plugin Prime Slider – Addons For Elementor versions <= 4.0.10...
CVE-2025-8199
CVE-2025-8199: Marquee Addons for Elementor is affected up to version 2.4.3. The vulnerability is a Stored Cross-Site Scripting in the Testimonial Marquee widget caused by insufficient input sanitization and output escaping on user-supplied attributes. An authenticated attacker with contributor-...
CVE-2025-8687
CVE-2025-8687 refers to the WordPress plugin Enter Addons (formerly Elementor Addon Elements) vulnerability. The issue is a Stored Cross-Site Scripting (XSS) in the Countdown and Image Comparison widgets affecting all versions up to and including 2.2.7, caused by insufficient input sanitization a...
CVE-2025-8687 Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets
The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-7960
CVE-2025-7960 - King Addons for Elementor (WordPress) is an authenticated (Contributor+) stored XSS affecting the Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to 51.1.39. The root cause is insufficient input sanitization and output escaping on user-supplied a...