CVE-2025-60217

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a through = 1.2.2...

CVE-2025-59557

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from n/a through 1.7.5...

CVE-2025-60217

CVE-2025-60217 describes a path traversal vulnerability in WordPress PT Luxa Addons (pt-luxa-addons) affecting versions up to 1.2.2. Multiple sources (NVD, Red Hat, CVE List, CNNVD, EUVD, vulnrichment, Patchstack) concur that improper restriction of pathname access enables path traversal, with Pa...

CVE-2025-60217 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a through = 1.2.2...

EUVD-2025-35409

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a through = 1.2.2...

CVE-2025-60217 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a through = 1.2.2...

CVE-2025-59557 WordPress Learts Addons Plugin < 1.7.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from n/a through 1.7.5...

CVE-2025-59557

CVE-2025-59557 concerns a SQL injection in the WordPress plugin Learts Addons (versions prior to 1.7.5). The root cause is improper neutralization of special elements used in SQL commands in the learts-addons component, enabling potential SQL injection attacks. Affected product: WordPress plugin ...

CVE-2025-59557 WordPress Learts Addons Plugin < 1.7.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from n/a through 1.7.5...

WordPress plugin Learts Addons SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

WordPress plugin PT Luxa Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-11536

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...

WordPress Litho Addons plugin <= 3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Litho Addons versions = 3.5...

WordPress King Addons for Elementor plugin <= 51.1.36 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Abu Hurayra in WordPress Plugin King Addons for Elementor versions = 51.1.36...

WordPress King Addons for Elementor plugin <= 51.1.36 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Najib Sinjari in WordPress Plugin King Addons for Elementor versions = 51.1.36...

CVE-2025-11536

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...

CVE-2025-11536

CVE-2025-11536 : Element Pack Addons for Elementor (WordPress)

CVE-2025-11536 Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...

CVE-2025-11536 Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wpajaximportelementortemplate action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to ma...

WordPress Element Pack Addons for Elementor plugin <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Blind Server-Side Request Forgery vulnerability discovered by LionTree in WordPress Plugin Element Pack Elementor Addons versions = 8.2.5...