7275 matches found
CVE-2025-5944
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5944
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Cross-site Scripting (XSS)
Overview org.webjars:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and output escaping. An...
Cross-site Scripting (XSS)
Overview org.webjars.bowergithub.uikit:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and outp...
Cross-site Scripting (XSS)
Overview org.webjars.bower:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and output escaping...
Cross-site Scripting (XSS)
Overview org.webjars.npm:uikit is a lightweight and modular front-end framework for developing fast and powerful web interfaces. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the data-caption attribute due to insufficient input sanitisation and output escaping. A...
CVE-2025-5944 Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5944 Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5944
CVE-2025-5944 affects the Element Pack Addons for Elementor WordPress plugin (versions up to 8.0.0). The vulnerability is a Stored/DOM-Based Cross-Site Scripting via the data-caption attribute, exploitable by authenticated users with Contributor-level access or higher. The root cause is insuffici...
PT-2025-27678 · WordPress · Element Pack Elementor Addons
Name of the Vulnerable Software and Affected Versions: Element Pack Addons for Elementor plugin for WordPress versions up to, and including, 8.0.0 Description: The issue is related to Stored Cross-Site Scripting via the data-caption attribute due to insufficient input sanitization and output...
WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2025-2330
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2025-46259
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7...
CVE-2025-46259
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7...
CVE-2025-46259 WordPress The Plus Addons for Elementor - Pro Plugin < 6.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7...
CVE-2025-46259 WordPress The Plus Addons for Elementor - Pro Plugin < 6.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7...
CVE-2025-46259
The CVE-2025-46259 entry describes a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin The Plus Addons for Elementor Pro, affecting versions prior to 6.3.7. The issue stems from incorrectly configured access control security levels that could allow unauthorized a...
CVE-2025-6756
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7CUSTOMFIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-6756
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7CUSTOMFIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-6756
CVE-2025-6756 concerns Ultra Addons for Contact Form 7 (WordPress). The vulnerability is a Stored Cross-Site Scripting flaw in the UACF7_CUSTOM_FIELDS shortcode, arising from insufficient input sanitization and output escaping for user-supplied attributes. Exploitation requires authentication at ...