PT-2025-7230 · Elementor · Vertex Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Vertex Addons for Elementor versions 1.2.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject...

WordPress plugin Vertex Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2025-26761

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through = 2.1.5...

CVE-2025-26761 WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through = 2.1.5...

CVE-2025-26761

CVE-2025-26761 describes a DOM-based XSS in WordPress plugin Easy Elementor Addons (affected

CVE-2025-26761 WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through = 2.1.5...

WordPress plugin Easy Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin ElementsKit Elementor addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress ElementsKit Elementor addons plugin <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Accordion Widget vulnerability discovered by Webbernaut in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.4.0...

WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Easy Elementor Addons versions = 2.1.5...

WordPress Vertex Addons for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Webula Patchstack Alliance in WordPress Plugin Vertex Addons for Elementor versions = 1.2.0...

CVE-2024-12599

CVE-2024-12599 affects HT Mega – Absolute Addons For Elementor (WordPress). It is a Stored XSS via the Countdown widget in all versions up to 2.8.1, caused by insufficient input sanitization and output escaping for user-supplied attributes. Exploitation requires authenticated access at contributo...

CVE-2021-4448

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

CVE-2021-4447

The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers wi...

CVE-2025-0682

The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trxscreviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

CVE-2022-47586

Unauth. SQL Injection SQLi vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin = 3.1.23 versions...

CVE-2022-4501

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

CVE-2020-26239

Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which caused the HTML-escape...

CVE-2024-52496

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through = 1.0.14...

CVE-2024-30496

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3...