CVE-2025-5338

CVE-2025-5338 : Royal Elementor Addons for WordPress (affected: all versions up to 1.7.1024) is vulnerable to stored DOM-based cross-site scripting via multiple widgets. Exploitation requires authenticated access at contributor level or above, enabling injection of scripts that execute when users...

WordPress Royal Elementor Addons plugin <= 1.7.1024 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Multiple Widgets vulnerability discovered by Asaf Mozes in WordPress Plugin Royal Elementor Addons versions = 1.7.1024...

WordPress plugin Ultra Addons for Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

WordPress plugin Royal Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

PT-2025-26945 · WordPress · Royal Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.7.1024 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping on...

CVE-2025-50038

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Stored XSS.This issue affects Anant Addons for Elementor: from n/a through = 1.2.8...

CVE-2025-50038

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Stored XSS.This issue affects Anant Addons for Elementor: from n/a through = 1.2.8...

CVE-2025-50038 WordPress Anant Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anantaddons Anant Addons for Elementor allows Stored XSS. This issue affects Anant Addons for Elementor: from n/a through 1.2.0...

CVE-2025-50038 WordPress Anant Addons for Elementor plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Stored XSS.This issue affects Anant Addons for Elementor: from n/a through = 1.2.8...

CVE-2025-50038

CVE-2025-50038 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Anant Addons for Elementor (versions ≤ 1.2.0, per initial description). Connected sources corroborate a broader vulnerable range (plugins ≤ 1.2.8) and attribute the issue to improper input neutralization d...

WordPress plugin Anant Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Anant Addons for Elementor plugin, which stems from the application's lack of effective filtering and escaping of...

PT-2025-26391 · Unknown · Anant Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Anant Addons for Elementor versions 1.2.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: F...

WordPress Anant Addons for Elementor plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Prissy in WordPress Plugin Anant Addons for Elementor versions = 1.2.8...

CVE-2025-6220

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveoptions' function in all versions up to, and including, 3.5.12. This makes it possible for authenticated attackers, with Administrator-level access and...

WordPress plugin Ultra Addons for Contact Form 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

Exploit for Unrestricted Upload of File with Dangerous Type in Themefic Ultimate_Addons_For_Contact_Form_7

Ultimate Addons for Contact Form 7 1: lo: mtu 65536 qdisc noq...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +9710 more potentially affected by CVE-2025-41234 via org.springframework:spring-web (>=6.2.0 <=6.2.7)

org.springframework:spring-web MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 and more Source cves: CVE-2025-41234 Source advisory: OSV:GHSA-6R3C-XF4W-JXJM...

CVE-2025-4774

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

WordPress Premium Addons for Elementor plugin <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Asaf Mozes in WordPress Plugin Premium Addons for Elementor versions = 4.11.8...

WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Deletion Vulnerability

Arbitrary File Deletion Vulnerability discovered by Bonds in WordPress Plugin PT Luxa Addons versions = 1.2.2...