7275 matches found
CVE-2025-58195
Xpro Elementor Addons (WordPress plugin) vulnerability CVE-2025-58195 is a stored XSS caused by improper neutralization of input during web page generation, affecting versions up to 1.4.17. The issue is evidenced by multiple sources indicating affected software and the stored XSS nature, with rem...
CVE-2025-58195 WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through = 1.4.17...
WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin ThemeREX Addons versions = 2.36.1.1...
WordPress plugin ElementInvader Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-34919 · WordPress · Elementinvader Addons For Elementor
Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor versions through 1.3.6 Description: The software contains a DOM-Based Cross-Site Scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update ElementInvade...
PT-2025-34911 · WordPress · Xpro Elementor Addons
Name of the Vulnerable Software and Affected Versions: Xpro Elementor Addons versions through 1.4.17 Description: This issue involves improper neutralization of input during web page generation, leading to a Stored Cross-Site Scripting XSS condition. The vulnerability allows malicious scripts to ...
WordPress plugin Xpro Elementor Addons 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-8208
The Spexo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8062
The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wsweather shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-8208
The Spexo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8208
CVE-2025-8208 : The Spexo Addons for Elementor WordPress plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the Countdown widget in versions up to and including 1.0.23. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes, allow...
CVE-2025-8208 Spexo Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
The Spexo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8208 Spexo Addons for Elementor <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
The Spexo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Spexo Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-34548 · WordPress · Spexo Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Spexo Addons for Elementor plugin for WordPress versions up to and including 1.0.23 Description: The Spexo Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting via the Countdown widget. Insufficient input...
CVE-2025-8062
The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wsweather shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-8062 WS Theme Addons <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode
The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wsweather shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin WS Theme Addons 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-34515 · WordPress · Ws Theme Addons
Name of the Vulnerable Software and Affected Versions: WS Theme Addons plugin for WordPress versions prior to 2.0.1 Description: The WS Theme Addons plugin for WordPress is susceptible to Stored Cross-Site Scripting through the ws weather shortcode. Insufficient input sanitization and output...
WordPress WS Theme Addons plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wsweather Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WS Theme Addons versions = 2.0.0...