7273 matches found
WordPress plugin Element Pack Addons for Elementor 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A code issue...
CVE-2025-11391
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...
EUVD-2025-34973
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...
CVE-2025-11691 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOMMeta::getfieldsbyid function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...
CVE-2025-11691 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOMMeta::getfieldsbyid function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...
CVE-2025-11691
The CVE-2025-11691 entry concerns the PPOM – Product Addons & Custom Fields for WooCommerce WordPress plugin. A SQL Injection exists in PPOM_Meta::get_fields_by_id() for all versions up to 33.0.15 due to insufficient escaping of user input and inadequate query preparation. The vulnerability is ex...
PT-2025-42696
Name of the Vulnerable Software and Affected Versions PPOM – Product Addons & Custom Fields for WooCommerce versions through 33.0.15 Description The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress has a flaw related to file handling. Specifically, the image cropper...
CVE-2025-11814
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2025-10706
The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwpaddonsupdateplugincb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2025-11814
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2025-11814
The CVE-2025-11814 entry concerns the Ultimate Addons for WPBakery Page Builder (WordPress). It describes a Stored Cross-Site Scripting vulnerability in all versions up to 3.21.1 (exclusive) caused by insufficient input sanitization and output escaping. The issue could allow unauthenticated attac...
CVE-2025-11814 Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2025-11814 Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
WordPress plugin Ultimate Addons for WPBakery 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...
WordPress Case Addons plugin < 1.3.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by ? in WordPress Plugin Case Addons versions 1.3.0...
CVE-2025-9698
The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks...
WordPress The Plus Addons for Elementor plugin < 6.3.16 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Tan Nguyen in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions 6.3.16...
EUVD-2025-33964
The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks...
CVE-2025-9698
CVE-2025-9698 refers to The Plus Addons for Elementor WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) caused by unsanitized SVG file contents, exploitable by an Author+ (minimum Author) with SVG content uploaded or processed. Affected versions are before 6.3.16; remedia...
WordPress Easy Elementor Addons plugin cross-site scripting vulnerability
The WordPress Elementor Addons plugin is a plugin that extends the Elementor page builder functionality and enhances site design capabilities by providing additional widgets and styles. A cross-site scripting vulnerability exists in the WordPress Easy Elementor Addons plugin, which stems from the...