PT-2025-50046

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through = 1.4.19.1...

WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin WPZOOM Addons for Elementor versions = 1.2.10...

WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Xpro Elementor Addons versions = 1.4.19.1...

WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Master Addons for Elementor versions = 2.0.9.9.4...

WordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mdr in WordPress Plugin Happy Addons for Elementor versions = 3.20.3...

WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mdr in WordPress Plugin Premium Addons for Elementor versions = 4.11.53...

[SECURITY] Fedora 43 Update: kf6-kwidgetsaddons-6.20.0-2.fc43

KDE Frameworks 6 Tier 1 addon with various classes on top of QtWidgets...

[SECURITY] Fedora 43 Update: kf6-kcoreaddons-6.20.0-2.fc43

KCoreAddons provides classes built on top of QtCore to perform various tasks such as manipulating mime types, autosaving files, creating backup files, generating random sequences, performing text manipulations such as macro replacement, accessing user information and many more...

[SECURITY] Fedora 43 Update: kf6-kguiaddons-6.20.0-2.fc43

KDE Frameworks 6 Tier 1 addon with various classes on top of QtGui...

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 CVSS score: 9.8, is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative...

Attackers Actively Exploiting Critical Vulnerability in King Addons for Elementor Plugin

On July 24th, 2025, we received a submission for a Privilege Escalation vulnerability in King Addons for Elementor, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by...

📄 Exclusive Addons for Elementor 2.6.9 Cross Site Scripting

Exclusive Addons for Elementor versions 2.6.9 and below proof of concept that demonstrates a stored cross site scripting vulnerability. ============================================================================================================================================= | Title : Exclusive...

WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mdr in WordPress Plugin Tutor LMS Elementor Addons versions = 3.0.1...

MGASA-2025-0309 Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.116 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities

Upstream kernel version 6.6.116 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

CVE-2025-66069 WordPress PPOM for WooCommerce plugin <= 33.0.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through = 33.0.16...

CVE-2025-13141

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gutenberg blocks in all versions up to, and including, 3.0.0 due to insufficient input validation on user-supplied HTML tag names. This is due to the lack of a tag name...

PT-2025-47743

Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through = 33.0.16...

WordPress HT Mega – Absolute Addons For Elementor plugin <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Tag Attribute Injection vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin HT Mega versions = 3.0.0...

WordPress Royal Elementor Addons plugin <= 1.7.1031 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Royal Elementor Addons versions = 1.7.1031...