WordPress plugin Livemesh Addons for Beaver Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Xpro Elementor Addons - Pro plugin <= 1.4.7 - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read vulnerability

WordPress Xpro Elementor Addons - Pro plugin = 1.4.7 - Pro = 1.4.7 - Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Xpro Elementor Addons - Pro versions = 1.4.7...

WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

WordPress Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Animation Addons for Elementor versions = 2.6.3...

WordPress Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Animation Addons for Elementor versions = 2.6.3...

Exploit for CVE-2026-4885

CVE-2026-4885 – Piotnet Addons for Elementor Pro Mass Exploit...

Malicious code in @onerjs/addons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7d3b8a435a56ca78d7a2f4ca7077b8a96f968d29e32dd01580fdf01cee442f5 Package is published as @onerjs/addons but ships a verbatim copy of @babylonjs/addons source while declaring Babylon.js identity in its metadata:...

MAL-2026-4410 Malicious code in @onerjs/addons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7d3b8a435a56ca78d7a2f4ca7077b8a96f968d29e32dd01580fdf01cee442f5 Package is published as @onerjs/addons but ships a verbatim copy of @babylonjs/addons source while declaring Babylon.js identity in its metadata:...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +59 more potentially affected by CVE-2026-41863 via org.springframework.ai:spring-ai-anthropic (>=1.0.0-M5 <=1.1.6)

org.springframework.ai:spring-ai-anthropic MAVEN version =1.0.0-M5, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-41863 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16873885...

CVE-2026-9018

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyelhandleregister function. This is due to the wpajaxnopriveelregister AJAX handler iterating the attacker-controlled...

WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.11...

Exploit for CVE-2026-4885

CVE-2026-4885 Piotnet Addons for Elementor Pro Note: The...

WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.70 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Wannes Verwimp in WordPress Plugin Piotnet Addons For Elementor Pro versions = 7.1.70...

CVE-2025-15369

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

CVE-2025-15369 Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

CVE-2025-15369

CVE-2025-15369 affects the WordPress plugin Xpro Addons — 140+ Widgets for Elementor. All versions up to and including 1.5.0 are vulnerable due to a missing capability check in the get_content_editor function, enabling unauthenticated attackers to modify data and create published Xpro templates. ...

CVE-2025-15369 Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

EUVD-2025-209902

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

CVE-2026-7284

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyelhandleregister' function not restricting what user roles a user can register with...

WordPress plugin Easy Elements for Elementor – Addons & Website Templates 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...