CVE-2025-5338

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1028 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-6252

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-6252 Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-6252 Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-6252

CVE-2025-6252 concerns the WordPress plugin Qi Addons For Elementor (versions up to and including 1.9.1). The vulnerability is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping across multiple parameters, allowing an attacker with at least Contributo...

PT-2025-27287 · WordPress · Qi Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.9.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers wi...

WordPress plugin Qi Addons For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Prissy in WordPress Plugin Devnex Addons For Elementor versions = 1.0.9...

CVE-2025-53339

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows PHP Local File Inclusion.This issue affects Devnex Addons For Elementor: from n/a through = 1.0.9...

CVE-2025-53339

CVE-2025-53339 : Local File Inclusion via PHP Remote File Inclusion in the WordPress plugin Devnex Addons For Elementor (vulnerable up to 1.0.9). The entry describes improper control of the filename in include/require, enabling LFI. Patch status is Unpatched per multiple sources; remediation guid...

CVE-2025-53339 WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in devnex Devnex Addons For Elementor allows PHP Local File Inclusion. This issue affects Devnex Addons For Elementor: from n/a through 1.0.9...

CVE-2025-53339 WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows PHP Local File Inclusion.This issue affects Devnex Addons For Elementor: from n/a through = 1.0.9...

CVE-2025-53206 WordPress HT Mega – Absolute Addons for WPBakery Page Builder plugin <= 1.0.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows Stored XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through = 1.0....

CVE-2025-53206

CVE-2025-53206 corresponds to a stored XSS vulnerability in the WordPress plugin HT Mega – Absolute Addons for WPBakery Page Builder . Affected: versions ≤ 1.0.8. Root cause: improper input neutralization during web page generation. Impact per reported CVSS: Network attack, Privileges Required Lo...

PT-2025-27227 · Unknown · Devnex Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Devnex Addons For Elementor versions 1.0.9 and earlier Description: The issue is related to Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability, which allows PHP...

PT-2025-27158 · Wpbakery · Ht Mega – Absolute Addons

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons for WPBakery Page Builder versions 1.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This...

WordPress plugin HT Mega – Absolute Addons for WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin Devnex Addons For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-6212

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and output escaping. The unfiltered field names are stored alongside the sanitized values. Later, the...

CVE-2025-5338

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...