WordPress plugin WPoperation Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WPSHARE247 Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-14195 · Unknown · Wpshare247 Elementor Addons

Name of the Vulnerable Software and Affected Versions: WPSHARE247 Elementor Addons versions n/a through 2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...

WordPress plugin ElementsCSS Addons for Elementor 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

PT-2025-14122 · Unknown · Digitalcourt Marketer Addons

Name of the Vulnerable Software and Affected Versions: DigitalCourt Marketer Addons versions 1.0.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...

WordPress plugin Marketer Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-14204 · WordPress · Wpoperation Elementor Addons

Name of the Vulnerable Software and Affected Versions: WPoperation Elementor Addons versions 1.1.9 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...

WordPress PowerPack Addons for Elementor plugin <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin PowerPack Addons for Elementor versions = 2.9.0...

WordPress Themesflat Addons For Elementor plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Prissy in WordPress Plugin themesflat-addons-for-elementor versions = 2.3.1...

CVE-2025-31567

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through = 2.3.1...

CVE-2025-31567 WordPress Themesflat Addons For Elementor plugin <= 2.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.2.5...

CVE-2025-31567

CVE-2025-31567 : Stored Cross-Site Scripting in Themesflat Addons For Elementor (Themesflat Addons For Elementor plugin). Affected: 2.2.5 and earlier. Root cause per description: improper neutralization of input during web page generation. CVSS 3.1 base score 6.5 (Network, Low/Low/Low) per Patchs...

CVE-2025-31567 WordPress Themesflat Addons For Elementor plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through = 2.3.1...

WordPress plugin Themesflat Addons For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2025-22646

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through = 1.0.8...

CVE-2025-30766

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows DOM-Based XSS.This issue affects Happy Addons for Elementor: from n/a through = 3.16.2...

CVE-2025-30812

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Addons for Elementor skt-addons-for-elementor allows Stored XSS.This issue affects SKT Addons for Elementor: from n/a through = 3.5...

CVE-2025-30925

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through = 2.1.1...

CVE-2025-30845

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through = 2.1.1...

CVE-2024-11180 ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekitcountdowntimertitle parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...