WordPress plugin News Kit Elementor Addons 安全漏洞

WordPress News Kit Elementor Addons is a visual page builder plugin designed for WordPress websites, mainly for creating news or blog sites. A lack of authorization vulnerability exists in WordPress News Kit Elementor Addons that stems from improperly configured access control, and no details of...

PT-2025-29759 · Blazethemes · News Kit Elementor Addons

Name of the Vulnerable Software and Affected Versions: blazethemes News Kit Elementor Addons versions through 1.3.4 Description: The software contains a missing authorization issue, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update blazethemes...

de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +53 more potentially affected by CVE-2025-53622 via org.dspace:dspace-api (>=1.5-alpha <=7.0-preview-1)

org.dspace:dspace-api MAVEN version =1.5-alpha, =6.2.0, =6.2.0, =5.8.0, =5.8.0, =5.4.0, =5.4.0, =5.4.0, =3.0, =1.7.0, =1.7.0, =5.11 and more Source cves: CVE-2025-53622 Source advisory: OSV:GHSA-VHVX-8XGC-99WF...

Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons

CVE-2023-5360 Elementor File Upload Exploit The Royal Element...

DRUPAL-CONTRIB-2025-087

This module provides a format filter, which allows you to "disable" iframes e.g. remove their src attribute specified by the user. These elements will be enabled again, once the Cookies banner is accepted. The module doesn't sufficiently filter user-supplied content when their value might contain...

PT-2025-28954 · Drupal · Cookies Addons

Name of the Vulnerable Software and Affected Versions: Drupal Cookies Addons versions 1.0.0 through 1.2.3 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Cross-Site Scripting XSS. Recommendations: Update Drupal Cookies Addo...

Drupal Cookies Addons module < - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Cookies Addons versions...

Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087

This module provides a format filter, which allows you to "disable" iframes e.g. remove their src attribute specified by the user. These elements will be enabled again, once the Cookies banner is accepted. The module doesn't sufficiently filter user-supplied content when their value might contain...

WordPress Learts Addons Plugin < 1.7.5 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Learts Addons versions 1.7.5...

CVE-2025-6244 Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets

The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via Calendar And Business Reviews Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and outpu...

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-28324 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress versions up to, and including, 6.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization an...

WordPress Essential Addons for Elementor plugin <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Calendar And Business Reviews Widgets vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 6.1.19...

CVE-2025-5944

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-11937

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVE-2024-11937 Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

WordPress plugin Premium Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-27862 · WordPress · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.69 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the linkURL of the Mobile Menu...

CVE-2025-46259

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7...

CVE-2025-6756

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7CUSTOMFIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...