WordPress plugin Easy Elementor Addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
PT-2025-38867
Name of the Vulnerable Software and Affected Versions: bdthemes Ultimate Store Kit Elementor Addons versions through 2.8.2 Description: The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means an attacke...
CVE-2025-9203
The Media Player Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtitlessize', 'tracktitle', and 'trackartistname' parameters in version 1.0.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This...
WordPress Media Player Addons for Elementor plugin cross-site scripting vulnerability
WordPress Media Player Addons for Elementor plugin is a plugin designed for Elementor page builder, mainly used to extend the media playback functionality. A cross-site scripting vulnerability exists in the WordPress Media Player Addons for Elementor plugin, which stems from insufficient input...
CVE-2025-8446
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blazedemoimporterinstallplugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with...
WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Peter Thaleikis in WordPress Plugin Essential Addons for Elementor versions <= 6.2.4...
CVE-2025-9203 Media Player Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields
The Media Player Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtitlessize', 'tracktitle', and 'trackartistname' parameters in version 1.0.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This...
CVE-2025-9203
CVE-2025-9203 concerns the WordPress plugin Media Player Addons for Elementor (versions ≤ 1.0.5). The issue is Stored Cross-Site Scripting caused by insufficient input sanitization and output escaping for the parameters subtitle_ssize, track_title, and track_artist_name. With contributor-level...
WordPress Media Player Addons for Elementor plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Fields vulnerability discovered by zer0gh0st in WordPress Plugin Media Player Addons for Elementor – Media Player widget for WP versions <= 1.0.5...
PT-2025-38121
Name of the Vulnerable Software and Affected Versions: Media Player Addons for Elementor plugin for WordPress version 1.0.5 Description: The Media Player Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output...
WordPress plugin Media Player Addons for Elementor cross-site scripting vulnerability
WordPress Media Player Addons for Elementor plugin is a plugin designed for Elementor page builder, mainly used to extend the media playback functionality. A cross-site scripting vulnerability exists in the WordPress Media Player Addons for Elementor plugin, which stems from insufficient input...
CVE-2025-8446
CVE-2025-8446 concerns the Blaze Demo Importer plugin for WordPress (versions 1.0.12 or apply the vendor-provided fix, and validate that unauthorized plugin installations are disallowed.
PT-2025-37921
Name of the Vulnerable Software and Affected Versions: Blaze Demo Importer plugin for WordPress versions through 1.0.12 Description: The Blaze Demo Importer plugin for WordPress is susceptible to unauthorized limited plugin installation due to a missing capability check within the blaze demo...
CVE-2025-8215
The Responsive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-8388
The PowerPack Elementor Addons Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursorurl’ parameter in all versions up to, and including, 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-8215
CVE-2025-8215 concerns the WordPress plugin “Responsive Addons for Elementor” (WordPress) with a Stored Cross-Site Scripting (XSS) flaw in multiple widgets up to version 1.7.4. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticate...
CVE-2025-8215 Responsive Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Responsive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...