CVE-2025-8151

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'saveblockcss' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...

CVE-2025-8068

The CVE-2025-8068 issue affects the WordPress plugin HT Mega – Absolute Addons For Elementor. A vulnerability in the ajax_trash_templates function arises from an improper capability check, making authenticated users with Contributor-level access and above able to delete arbitrary attachment files...

CVE-2025-8216

The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

WordPress plugin HT Mega – Absolute Addons For Elementor 授权问题漏洞

WordPress HT Mega - Absolute Addons For Elementor plugin is an Elementor page builder plugin designed specifically for WordPress, offering over 100 custom widgets, 360+ preset modules, and multiple templates for blogs, sliders , collapsible menus and other page elements. A vulnerability exists in...

WordPress Easy Elementor Addons plugin <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin Easy Elementor Addons versions = 2.2.6...

WordPress Supreme Addons for Beaver Builder Cross-Site Scripting Vulnerability

WordPress Supreme Addons for Beaver Builder is a plugin that extends the functionality of the Beaver Builder page builder, mainly for enhancing its visual editing capabilities and module extensions. A cross-site scripting vulnerability exists in WordPress Supreme Addons for Beaver Builder, which...

WordPress Sky Addons for Elementor plugin <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Sky Addons for Elementor versions = 3.1.4...

CVE-2025-8216

The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2025-8216

CVE-2025-8216 describes a stored cross-site scripting (XSS) vulnerability in the Sky Addons for Elementor WordPress plugin, affecting all versions up to 3.1.4. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in multiple widgets, enabling authe...

CVE-2025-8216 Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2025-8216 Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

WordPress plugin Sky Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-31188 · WordPress +1 · Sky Addons For Elementor +1

Name of the Vulnerable Software and Affected Versions: Sky Addons for Elementor plugin versions up to and including 3.1.4 Description: The Sky Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting XSS through multiple widgets. Insufficient input sanitization and...

WordPress plugin Magical Addons For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Pixel Gallery Addons for Elementor plugin cross-site scripting vulnerability

WordPress Pixel Gallery Addons for Elementor plugin is a visual page builder plugin for WordPress platform, designed for Elementor, mainly used to create responsive image/video display features. The WordPress Pixel Gallery Addons for Elementor plugin suffers from a cross-site scripting...

CVE-2025-3614 ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

PT-2025-30705 · WordPress · Elementskit Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor Addons and Templates versions prior to 3.5.3 Description: The ElementsKit Elementor Addons and Templates plugin for WordPress is susceptible to Stored Cross-Site Scripting via the URL attribute of a custom widget due to...

WordPress plugin Supreme Addons for Beaver Builder 跨站脚本漏洞

WordPress Supreme Addons for Beaver Builder is a plugin that extends the functionality of the Beaver Builder page builder, mainly for enhancing its visual editing capabilities and module extensions. A cross-site scripting vulnerability exists in WordPress Supreme Addons for Beaver Builder, which...

CVE-2025-7392

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookies Addons allows Cross-Site Scripting XSS.This issue affects Cookies Addons: from 1.0.0 before 1.2.4...

WordPress News Kit Elementor Addons Missing Authorization Vulnerability

WordPress News Kit Elementor Addons is a visual page builder plugin designed for WordPress websites, mainly for creating news or blog sites. A lack of authorization vulnerability exists in WordPress News Kit Elementor Addons that stems from improperly configured access control, and no details of...