CVE-2025-1456 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated DOM-Based (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widgetGrid, widgetCountDown, and widgetInstagramFeed methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-1455 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin Royal Elementor Addons and Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress plugin Royal Elementor Addons and Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2025-16170 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.7.1012 Description: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid...

CVE-2025-32641

Cross-Site Request Forgery CSRF vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery.This issue affects Anant Addons for Elementor: from n/a through = 1.1.8...

WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Marek Mikita Patchstack Alliance in WordPress Plugin Royal Elementor Addons versions = 1.7.1006...

📄 Anant Addons for Elementor 1.1.5 CSRF / Arbitrary Plugin Installation

Anant Addons for Elementor versions 1.1.5 and below cross site request forgery proof of concept that allows for arbitrary plugin installation. 🛡️ Anant Addons for Elementor Anant Addons for Elementor body background-color: 111; color: 0f0; font-family: monospace;...

CVE-2025-32158

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15...

CVE-2025-32158

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite.This issue affects aThemes Addons for Elementor: from n/a through = 1.1.3...

CVE-2025-32158 WordPress aThemes Addons for Elementor plugin <= 1.1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite.This issue affects aThemes Addons for Elementor: from n/a through = 1.1.3...

CVE-2025-32158 WordPress aThemes Addons for Elementor plugin <= 1.0.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15...

CVE-2025-32158

CVE-2025-32158 affects aThemes Addons for Elementor, path: Local File Inclusion via improper filename control in PHP include/require. Affected: Elementor add-on up to 1.0.16 (CVE record notes 1.0.16; initial doc mentions 1.0.15). Impact per sources: authenticated (Contributor+) exploit could lead...

WordPress plugin Spider Elements – Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin aThemes Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2025-15935 · Unknown · Athemes Addons For Elementor

Name of the Vulnerable Software and Affected Versions: aThemes Addons for Elementor versions 1.0.0 through 1.0.15 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This is a type of...

CVE-2025-32641

Cross-Site Request Forgery CSRF vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery.This issue affects Anant Addons for Elementor: from n/a through = 1.1.8...

CVE-2025-32641 WordPress Anant Addons for Elementor plugin <= 1.1.5 - CSRF to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in anantaddons Anant Addons for Elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: from n/a through 1.1.5...

CVE-2025-32641 WordPress Anant Addons for Elementor plugin <= 1.1.8 - CSRF to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery.This issue affects Anant Addons for Elementor: from n/a through = 1.1.8...

CVE-2025-32641

CVE-2025-32641 affects the WordPress plugin Anant Addons for Elementor (versions up to 1.1.5). It is a CSRF vulnerability that can lead to arbitrary plugin installation/activation on behalf of an administrator. Technical details across sources consistently describe the issue and its impact (CSRF ...