
7289 matches found

Positive Technologies
added 2025/01/28 12:0 a.m. · 6 views

PT-2025-2176

Name of the Vulnerable Software and Affected Versions: ThemeREX Addons plugin for WordPress versions up to, and including, 2.32.3 Description: The issue is related to arbitrary file uploads due to missing file type validation in the trx addons uploads save data function. This allows unauthenticated...

9.8 CVSS · 8 AI score · 0.00881 EPSS
Exploits 0 · References 13
NVD
added 2025/01/27 2:15 p.m. · 11 views

CVE-2025-24584

Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.3.0...

4.3 CVSS · 0.00229 EPSS
Exploits 0 · References 1
CVE
added 2025/01/27 1:59 p.m. · 45 views

CVE-2025-24584

CVE-2025-24584 is a Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons (affected: versions up to 2.3.0). The issue arises from incorrectly configured access control security levels, enabling unauthorized access to restricted areas. The CVSS v3.1 vector (AV:N/AC:L/...

4.3 CVSS · 7.2 AI score · 0.00229 EPSS
Exploits 0 · References 1
Patchstack
added 2025/01/27 7:46 a.m. · 4 views

WordPress ThemeREX Addons plugin <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Plugin ThemeREX Addons versions <= 2.33.0...

8.8 CVSS · 7 AI score · 0.00606 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/01/27 12:0 a.m. · 4 views

WordPress plugin Ultimate Store Kit Elementor Addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

4.3 CVSS · 8.1 AI score · 0.00229 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/01/27 12:0 a.m. · 2 views

PT-2025-5422 · Elementor · Bdthemes Ultimate Store Kit Elementor Addons

Name of the Vulnerable Software and Affected Versions: BdThemes Ultimate Store Kit Elementor Addons versions n/a through 2.3.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations...

4.3 CVSS · 9.4 AI score · 0.00229 EPSS
Exploits 0 · References 4
OSV
added 2025/01/25 6:15 a.m. · 9 views

CVE-2025-0682

The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8 CVSS · 7.8 AI score
Exploits 0 · References 2
CVE
added 2025/01/25 5:30 a.m. · 78 views

CVE-2025-0682

CVE-2025-0682 (ThemeREX Addons for WordPress) is an authenticated Local File Inclusion vulnerability affecting ThemeREX Addons versions up to and including 2.33.0. An attacker with contributor-level (or higher) privileges can abuse the trx_sc_reviews shortcode’s type attribute to include and exec...

8.8 CVSS · 8.9 AI score · 0.00606 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2025/01/25 5:30 a.m. · 15 views

CVE-2025-0682 ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8 CVSS · 9.2 AI score · 0.00606 EPSS
Exploits 0 · References 2
CNNVD
added 2025/01/25 12:0 a.m. · 4 views

WordPress plugin ThemeREX Addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.8 CVSS · 8.4 AI score · 0.00606 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/01/25 12:0 a.m. · 6 views

PT-2025-4001 · WordPress · Themerex Addons

Name of the Vulnerable Software and Affected Versions: ThemeREX Addons plugin for WordPress versions up to and including 2.33.0 Description: The issue arises from the trx sc reviews shortcode type attribute, allowing authenticated attackers with contributor-level or higher permissions to include...

8.8 CVSS · 7.5 AI score · 0.00606 EPSS
Exploits 0 · References 11
Patchstack
added 2025/01/24 10:32 p.m. · 3 views

WordPress Responsive Addons for Elementor plugin <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ankit Patel in WordPress Plugin Responsive Addons for Elementor versions <= 1.6.4...

6.4 CVSS · 5.7 AI score · 0.00216 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2025/01/24 10:31 p.m. · 6 views

WordPress Sastra Essential Addons for Elementor plugin <= 1.0.14 - Missing Authorization to Spexo Theme Install vulnerability

Missing Authorization to Spexo Theme Install vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Sastra Essential Addons for Elementor versions <= 1.0.14...

4.3 CVSS · 7 AI score · 0.00237 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2025/01/24 6:15 p.m. · 2 views

CVE-2025-24729

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3...

5.4 CVSS · 7.3 AI score · 0.00304 EPSS
Exploits 0 · References 1
NVD
added 2025/01/24 6:15 p.m. · 22 views

CVE-2025-24729

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.3...

6.5 CVSS · 0.00304 EPSS
Exploits 0 · References 1
OSV
added 2025/01/24 6:15 p.m. · 2 views

CVE-2025-24618

Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1...

8.8 CVSS · 7.3 AI score · 0.00481 EPSS
Exploits 0 · References 1
NVD
added 2025/01/24 6:15 p.m. · 15 views

CVE-2025-24618

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.1...

8.8 CVSS · 0.00481 EPSS
Exploits 0 · References 1
NVD
added 2025/01/24 6:15 p.m. · 4 views

CVE-2025-24595

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS. This issue affects All Embed – Elementor Addons: from n/a through <= 1.1.3...

6.5 CVSS · 0.00354 EPSS
Exploits 0 · References 1
NVD
added 2025/01/24 6:15 p.m. · 6 views

CVE-2025-24578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.0...

6.5 CVSS · 0.0036 EPSS
Exploits 0 · References 1
Cvelist
added 2025/01/24 5:25 p.m. · 28 views

CVE-2025-24729 WordPress ElementInvader Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.3.3...

6.5 CVSS · 0.00304 EPSS
Exploits 0 · References 1