WordPress Responsive Addons for Elementor Cross-Site Scripting Vulnerability

WordPress Responsive Addons for Elementor is a free plugin that provides 80+ Elementor widgets and 150+ templates with support for 250+ pre-built page modules. WordPress Responsive Addons for Elementor suffers from a cross-site scripting vulnerability that stems from improper input neutralization...

CVE-2025-7644 Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in all widgets in all versions up to, and including, 1.6.7 due to insufficient input...

CVE-2025-7644

CVE-2025-7644 concerns the WordPress plugin Pixel Gallery Addons for Elementor (versions up to 1.6.7). The vulnerability is a Stored Cross-Site Scripting (XSS) via URLs in all widgets due to insufficient input sanitization and output escaping, allowing authenticated attackers with Contributor-lev...

CVE-2025-7644 Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in all widgets in all versions up to, and including, 1.6.7 due to insufficient input...

WordPress plugin Pixel Gallery Addons for Elementor 跨站脚本漏洞

WordPress Pixel Gallery Addons for Elementor plugin is a visual page builder plugin for WordPress platform, designed for Elementor, mainly used to create responsive image/video display features. The WordPress Pixel Gallery Addons for Elementor plugin suffers from a cross-site scripting...

PT-2025-30380 · WordPress · Pixel Gallery Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Pixel Gallery Addons for Elementor versions up to and including 1.6.7 Description: The Pixel Gallery Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting XSS due to inadequate input sanitization and output...

CVE-2025-7392

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookies Addons allows Cross-Site Scripting XSS.This issue affects Cookies Addons: from 1.0.0 before 1.2.4...

CVE-2025-7392

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookies Addons allows Cross-Site Scripting XSS.This issue affects Cookies Addons: from 1.0.0 before 1.2.4...

CVE-2025-7392 Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookies Addons allows Cross-Site Scripting XSS.This issue affects Cookies Addons: from 1.0.0 before 1.2.4...

CVE-2025-7392 Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookies Addons allows Cross-Site Scripting XSS.This issue affects Cookies Addons: from 1.0.0 before 1.2.4...

CVE-2025-7392

CVE-2025-7392 concerns the Drupal Cookies Addons plugin. A vulnerability in input handling during page generation enables Cross-Site Scripting (XSS) for Cookies Addons versions 1.0.0–1.2.3. The issue is fixed in version 1.2.4 or later. The CVSS 3.1 base score is 6.1 (Medium), with network attack ...

CVE-2025-6997

The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trxaddonsgetsvgfromfile function on an...

Drupal Cookies Addons 安全漏洞

Drupal Cookies Addons is a plugin for the Drupal community. A security vulnerability exists in Drupal Cookies Addons versions prior to 1.2.4, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...

CVE-2025-6997

The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trxaddonsgetsvgfromfile function on an...

CVE-2025-6997

CVE-2025-6997 : ThemeREX Addons for WordPress is vulnerable to a stored cross-site scripting (XSS) via SVG uploads in versions

CVE-2025-6997 ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function

The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trxaddonsgetsvgfromfile function on an...

PT-2025-30121 · WordPress · Themerex Addons

Name of the Vulnerable Software and Affected Versions: ThemeREX Addons versions prior to 2.35.1.2 Description: The ThemeREX Addons plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG File uploads. Insufficient input sanitization and output escaping in the plugin’s SVG...

WordPress plugin ThemeREX Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

CVE-2025-54037

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.3.4...

CVE-2025-48295

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Stored XSS.This issue affects Easy Elementor Addons: from n/a through = 2.2.5...