CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/04/15 11:59 a.m.•53 views

CVE-2025-26990

CVE-2025-26990 is an authenticated SSRF in Royal Elementor Addons for WordPress, affecting up to version 1.7.1006. Wordfence lists it as patched; remediation is to upgrade to a fixed version released by the plugin authors (latest available). Public exploit details are not provided in the connecte...

4.9CVSS7.2AI score0.00183EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/04/15 11:59 a.m.•3 views

CVE-2025-26990 WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery.This issue affects Royal Elementor Addons: from n/a through = 1.7.1006...

4.4CVSS8.6AI score0.00183EPSS

Cvelist•added 2025/04/15 11:59 a.m.•20 views

CVE-2025-26990 WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerability

4.4CVSS0.00183EPSS

NVD•added 2025/04/15 6:15 a.m.•23 views

CVE-2025-2225

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘raeltitletag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. Thi...

6.4CVSS0.00238EPSS

OSV•added 2025/04/15 6:15 a.m.•3 views

CVE-2025-2225

5.4CVSS5.9AI score0.00238EPSS

Cvelist•added 2025/04/15 5:23 a.m.•17 views

CVE-2025-2225 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag'

6.4CVSS0.00238EPSS

Vulnrichment•added 2025/04/15 5:23 a.m.•3 views

CVE-2025-2225 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag'

6.4CVSS5.7AI score0.00238EPSS

CVE•added 2025/04/15 5:23 a.m.•64 views

CVE-2025-2225

CVE-2025-2225 : The WordPress plugin “Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates” is affected by a Stored Cross‑Site Scripting flaw in the rael_title_tag parameter for versions up to and including 1.6.9. Exploitation requires authentication at Contribut...

6.4CVSS5.8AI score0.00238EPSS

Exploits0References4Affected Software1

CNNVD•added 2025/04/15 12:0 a.m.•1 views

WordPress plugin Responsive Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4CVSS6.6AI score0.00238EPSS

CNNVD•added 2025/04/15 12:0 a.m.•2 views

WordPress plugin Royal Elementor Addons 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

4.9CVSS6.2AI score0.00183EPSS

Positive Technologies•added 2025/04/15 12:0 a.m.•3 views

PT-2025-16325 · Unknown · Royal Elementor Addons

Name of the Vulnerable Software and Affected Versions: Royal Elementor Addons versions 1.7.1006 and earlier Description: A Server-Side Request Forgery SSRF issue affects the software, allowing for Server Side Request Forgery. Recommendations: For Royal Elementor Addons versions 1.7.1006 and...

4.9CVSS5.6AI score0.00183EPSS

Exploits0References6

Positive Technologies•added 2025/04/15 12:0 a.m.•4 views

PT-2025-16289 · WordPress · Responsive Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress versions up to, and including, 1.6.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...

6.4CVSS6.2AI score0.00238EPSS

Exploits0References11

NVD•added 2025/04/12 9:15 a.m.•19 views

CVE-2025-1456

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widgetGrid, widgetCountDown, and widgetInstagramFeed methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.0023EPSS

OSV•added 2025/04/12 9:15 a.m.•3 views

CVE-2025-1456

5.4CVSS7.4AI score

OSV•added 2025/04/12 9:15 a.m.•2 views

CVE-2025-1455

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.0023EPSS

NVD•added 2025/04/12 9:15 a.m.•14 views

CVE-2025-1455

6.4CVSS0.0023EPSS

RedhatCVE•added 2025/04/12 8:43 a.m.•17 views

CVE-2025-32158

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite.This issue affects aThemes Addons for Elementor: from n/a through = 1.1.3...

8.8CVSS7.2AI score0.00578EPSS

Vulnrichment•added 2025/04/12 8:22 a.m.•6 views

CVE-2025-1456 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting

6.4CVSS5.8AI score0.0023EPSS