CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2025-9703 describes a Cross-Site Scripting vulnerability in The Ultimate Addons for Elementor (Lite and related) WordPress plugin prior to version 2.5.0. The issue arises because SVG file contents uploaded via the xmlrpc.php endpoint using base64 encoding are not sanitized, allowing injection...

4.3CVSS5.8AI score0.00162EPSS

Exploits0References1

CNNVD•added 2025/10/06 12:0 a.m.•2 views

WordPress plugin The Ultimate Addons for Elementor 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in t...

4.3CVSS5.8AI score0.00162EPSS

Exploits0References1

Positive Technologies•added 2025/10/06 12:0 a.m.•8 views

PT-2025-40853

Name of the Vulnerable Software and Affected Versions The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder versions prior to 2.5.0 Description The software does not properly sanitize SVG file contents when uploaded. This occurs when using the xmlrpc.php endpoint with base6...

4.3CVSS6AI score0.00162EPSS

Exploits0References6

Positive Technologies•added 2025/10/05 12:0 a.m.•4 views

PT-2025-40824

Name of the Vulnerable Software and Affected Versions Vanderlande Baggage 360 version 7.0.0 Description An issue exists in the processing of files within Vanderlande Baggage 360. Manipulation of the Message argument in the /api-addons/v1/messages API endpoint can lead to cross site scripting. Thi...

5.1CVSS3.5AI score0.00228EPSS

Exploits0References9

Patchstack•added 2025/10/04 1:24 p.m.•4 views

WordPress Marquee Addons for Elementor plugin <= 3.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael in WordPress Plugin Marquee Addons for Elementor versions = 3.8.2...

6.1CVSS6.1AI score0.00166EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/10/04 11:53 a.m.•11 views

CVE-2025-9045

The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in versions less than, or equal to, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...

6.4CVSS6.1AI score0.00311EPSS

Exploits0References1

RedhatCVE•added 2025/10/04 11:53 a.m.•11 views

CVE-2025-9077

The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Animated Text' field of the Typeout Widget in version 1.1.9 and below due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.3AI score0.00277EPSS

Exploits0References1

Patchstack•added 2025/10/03 10:58 p.m.•4 views

WordPress Easy Elementor Addons plugin <= 2.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zer0gh0st in WordPress Plugin Easy Elementor Addons versions = 2.2.9...

6.4CVSS5.8AI score0.00311EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/10/03 9:51 p.m.•5 views

WordPress Ultra Addons Lite for Elementor plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Animated Text Field vulnerability discovered by zer0gh0st in WordPress Plugin Ultra Addons Lite for Elementor versions = 1.1.9...

6.4CVSS5.8AI score0.00277EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-2995

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00663EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-37608

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.0049EPSS

Exploits0References1