PT-2025-17946 · WordPress · Xpro Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Xpro Elementor Addons - Pro plugin for WordPress versions 1.4.9 and below Description: The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom...

WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress plugin Xpro Elementor Addons - Pro 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-17947 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin versions up to, and including, 5.10.29 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitizati...

CVE-2025-39589

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data.This issue affects Essential Addons for Elementor: from n/a through = 6.1.9...

CVE-2025-39590

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through = 6.1.9...

CVE-2025-39543

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through = 1.3.977...

CVE-2025-39546

Cross-Site Request Forgery CSRF vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Cross Site Request Forgery.This issue affects ElementsReady Addons for Elementor: from n/a through = 6.6.2...

WordPress Element Pack Elementor Addons plugin <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.29...

CVE-2024-13650

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.36 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-24752

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected XSS.This issue affects Essential Addons for Elementor: from n/a through = 6.0.14...

CVE-2025-39588

Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Object Injection.This issue affects Ultimate Store Kit Elementor Addons: from n/a through = 2.4.0...

CVE-2025-46472

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through = 2.1.6...

CVE-2025-46260

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wowDevs Sky Addons for Elementor sky-elementor-addons allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through = 3.0.1...

CVE-2025-46472 WordPress The Pack Elementor addons plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through = 2.1.6...

CVE-2025-46472 WordPress The Pack Elementor addons plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through = 2.1.6...

CVE-2025-46260 WordPress Sky Addons for Elementor plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wowDevs Sky Addons for Elementor sky-elementor-addons allows Stored XSS.This issue affects Sky Addons for Elementor: from n/a through = 3.0.1...

CVE-2025-46260 WordPress Sky Addons for Elementor plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1...

CVE-2025-46260

CVE-2025-46260 is a stored cross-site scripting (XSS) vulnerability in the WordPress plugin “Sky Addons for Elementor.” The issue arises from improper input neutralization during web page generation, enabling stored XSS. Affected products/versions: Sky Addons for Elementor versions n/a through 3....

WordPress plugin The Pack Elementor addons 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...