CVE-2025-6756

CVE-2025-6756 concerns Ultra Addons for Contact Form 7 (WordPress). The vulnerability is a Stored Cross-Site Scripting flaw in the UACF7_CUSTOM_FIELDS shortcode, arising from insufficient input sanitization and output escaping for user-supplied attributes. Exploitation requires authentication at ...

CVE-2025-6756 Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7CUSTOMFIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-6756 Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7CUSTOMFIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2025-27512 · WordPress · Ultimate Addons For Contact Form 7

Name of the Vulnerable Software and Affected Versions: Ultra Addons for Contact Form 7 versions up to, and including, 3.5.21 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's UACF...

WordPress plugin POSIMYTH Innovation The Plus Addons for Elementor Pro 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin POSIMYTH Innovation The...

WordPress plugin Ultra Addons for Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

PT-2025-27575 · Elementor · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Pro versions prior to 6.3.7 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...

CVE-2025-6252

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-53339

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows PHP Local File Inclusion.This issue affects Devnex Addons For Elementor: from n/a through = 1.0.9...

CVE-2025-5338

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1028 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-6252

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-6252 Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-6252 Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-6252

CVE-2025-6252 concerns the WordPress plugin Qi Addons For Elementor (versions up to and including 1.9.1). The vulnerability is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping across multiple parameters, allowing an attacker with at least Contributo...

WordPress plugin Qi Addons For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-27287 · WordPress · Qi Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.9.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers wi...

WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Prissy in WordPress Plugin Devnex Addons For Elementor versions = 1.0.9...

CVE-2025-53339

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows PHP Local File Inclusion.This issue affects Devnex Addons For Elementor: from n/a through = 1.0.9...

CVE-2025-53339

CVE-2025-53339 : Local File Inclusion via PHP Remote File Inclusion in the WordPress plugin Devnex Addons For Elementor (vulnerable up to 1.0.9). The entry describes improper control of the filename in include/require, enabling LFI. Patch status is Unpatched per multiple sources; remediation guid...

CVE-2025-53339 WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in devnex Devnex Addons For Elementor allows PHP Local File Inclusion. This issue affects Devnex Addons For Elementor: from n/a through 1.0.9...