CVE-2024-13353 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - Authenticated (Contributor+) Local File Inclusion

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2024-13353

CVE-2024-13353 affects the Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates for WordPress. It describes a Local File Inclusion vulnerability in all versions up to 1.6.4 via multiple widgets. An authenticated attacker with Contributor+ access can include and e...

WordPress plugin Responsive Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Responsive Addons for Elementor plugin <= 1.6.4 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin Responsive Addons for Elementor versions = 1.6.4...

CVE-2024-13855

The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the paeglobalblock shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2024-13855

CVE-2024-13855 affects Prime Addons for Elementor (WordPress) via Insecure Direct Object Reference in pae_global_block. From Wordfence data: all versions up to 2.0.1 are vulnerable; exploitation requires authenticated access at Contributor level or higher to extract information from non-public po...

WordPress plugin Prime Addons for Elementor 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An Access Control...

WordPress Prime Addons for Elementor plugin <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode vulnerability

Authenticated Contributor+ Insecure Direct Object Reference via paeglobalblock Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Prime Addons for Elementor versions = 2.0.1...

CVE-2025-26769

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Stored XSS.This issue affects Vertex Addons for Elementor: from n/a through = 1.2.0...

CVE-2025-1441

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wprfilterwooproducts' function. This makes it possible for unauthenticated attacke...

CVE-2025-1441 Royal Elementor Addons and Templates <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wprfilterwooproducts' function. This makes it possible for unauthenticated attacke...

WordPress plugin Royal Elementor Addons and Templates 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

WordPress plugin ElementsKit Elementor addons 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Royal Elementor Addons versions = 1.7.1007...

CVE-2025-26761

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through = 2.1.5...

CVE-2025-26769

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Stored XSS.This issue affects Vertex Addons for Elementor: from n/a through = 1.2.0...

CVE-2025-26769

CVE-2025-26769 is a stored XSS in Vertex Addons for Elementor (Webilia) up to version 1.2.0. Root cause: improper input neutralization during web page generation. Impact: stored XSS; no exploitation details provided in the documents. Remediation: update to a version later than 1.2.0 (the patch/mi...

CVE-2025-26769 WordPress Vertex Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Stored XSS.This issue affects Vertex Addons for Elementor: from n/a through = 1.2.0...

CVE-2025-26769 WordPress Vertex Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Stored XSS.This issue affects Vertex Addons for Elementor: from n/a through = 1.2.0...

PT-2025-7230 · Elementor · Vertex Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Vertex Addons for Elementor versions 1.2.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject...