CVE-2025-8100 Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content

The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

WordPress plugin Element Pack Elementor Addons and Templates 跨站脚本漏洞

WordPress Element Pack Elementor Addons and Templates is a powerful plugin for Elementor designed to simplify website design. A cross-site scripting vulnerability exists in WordPress Element Pack Elementor Addons and Templates, which stems from insufficient input cleanup and output escaping of th...

WordPress plugin Exclusive Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Exclusive Addons For Elementor, which stems from insufficient input cleanup and escaping, and can be exploited by a...

WordPress Element Pack Elementor Addons plugin <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 8.1.5...

CVE-2025-7646

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfilteredhtml...

CVE-2025-8488

The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savehfecompatibilityoptioncallback function in all versions up to, and including, 2.4.6. This makes it...

CVE-2025-8488

CVE-2025-8488 affects Ultimate Addons for Elementor (formerly Elementor Header & Footer Builder) for WordPress, with versions up to 2.4.6 vulnerable due to a missing capability check in the save_hfe_compatibility_option_callback() function. This enables authenticated attackers with Subscriber-lev...

CVE-2025-8488 Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savehfecompatibilityoptioncallback function in all versions up to, and including, 2.4.6. This makes it...

CVE-2025-8146

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8146

CVE-2025-8146 : Qi Addons For Elementor (WordPress) is vulnerable to Stored Cross-Site Scripting via the TypeOut Text widget in all versions up to and including 1.9.2, due to insufficient input sanitization and output escaping on user attributes. Exploitation requires authenticated access at cont...

CVE-2025-8146 Qi Addons for Elementor <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Qi Addons For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-31722 · WordPress · Qi Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to and including 1.9.2 Description: The Qi Addons For Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the TypeOut Text widget. Insufficient input...

WordPress plugin Ultimate Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-7646

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfilteredhtml...

CVE-2025-7646

The CVE-2025-7646 entry concerns The Plus Addons for Elementor Page Builder (Lite) for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s custom script parameter affecting all versions up to 6.3.10. An authenticated attacker with Contributor-level access or higher...

CVE-2025-7646 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfilteredhtml...

WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞

WordPress The Plus Addons for Elementor plugin is a professional extension plugin for Elementor page builder that provides over 120 widgets and extensions with support for WooCommerce store builder, Mega menu, popups and other advanced features. WordPress The Plus Addons for Elementor plugin...

PT-2025-31618 · WordPress · The Plus Addons For Elementor – Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce versions prior to 6.3.10 Description: The plugin is susceptible to Stored Cross-Site Scripting through the custom script parameter. Authenticate...

Mozilla: Bypass of Restricted Keyword "Mozilla" in Display Name Field via Unicode Homoglyphs on addons.allizom.org

A restricted keyword bypass vulnerability was discovered on the Firefox Add-ons platform that allowed an attacker to register a display name visually identical to "Mozilla" by using a Unicode homoglyph character. This circumvented the intended restriction and could have been used to impersonate...