EUVD-2025-201984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...

EUVD-2025-201983

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through = 1.4.19.1...

EUVD-2025-202005

Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through = 3.4...

EUVD-2025-202267

The Advanced Product Fields Product Addons for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybeduplicate' function. This makes it possible for unauthenticat...

CVE-2025-67540

Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from n/a through = 2.4.5...

CVE-2025-63077

Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through = 3.20.3...

CVE-2025-63055

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

CVE-2025-63042

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...

CVE-2025-63044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through = 1.4.19.1...

CVE-2025-62999

Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through = 3.5...

CVE-2025-62090

Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons:...

CVE-2025-63077

CVE-2025-63077 affects WordPress plugin Happy Addons for Elementor (Happy Addons for Elementor, component happy-elementor-addons) with Missing Authorization / Broken Access Control. Public docs identify the affected range as

CVE-2025-63077 WordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through = 3.20.3...

CVE-2025-63077 WordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through = 3.20.3...

CVE-2025-63055

CVE-2025-63055 affects WordPress plugin “Master Addons For Elementor” (and related Master Addons for Elementor variants) where the vulnerability is a Stored Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Affected versions are up to and including 2.0...

CVE-2025-63055 WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

CVE-2025-63055 WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

CVE-2025-63042

CVE-2025-63042 is a stored XSS in the WordPress plugin “Tutor LMS Elementor Addons” by Themeum, affecting Tutor LMS Elementor Addons versions from unspecified earlier up to and including 3.0.1. The vulnerability arises from improper input neutralization during web page generation, enabling cross-...

CVE-2025-63044

CVE-2025-63044 concerns the WordPress plugin Xpro Addons — 140+ Widgets for Elementor (Xpro Elementor Addons) up to version ≤ 1.4.19.1. The issue is a DOM-based Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. The vulnerability affects the plugin in W...

CVE-2025-63044 WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through = 1.4.19.1...