7289 matches found
CVE-2025-24729
CVE-2025-24729 concerns the WordPress plugin ElementInvader Addons for Elementor, with Stored XSS in ElementInvader Addons for Elementor <= 1.3.3. The vulnerability stems from improper input neutralization during web page generation, allowing stored cross-site scripting. Public documents confi...
CVE-2025-24729 WordPress ElementInvader Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3...
CVE-2025-24618 WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.1...
CVE-2025-24618 WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.1...
CVE-2025-24595 WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS.This issue affects All Embed – Elementor Addons: from n/a through = 1.1.3...
CVE-2025-24595 WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS.This issue affects All Embed – Elementor Addons: from n/a through = 1.1.3...
CVE-2025-24578 WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.0...
CVE-2025-24578 WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.0...
CVE-2025-24578
CVE-2025-24578 affects ElementInvader Addons for Elementor (WordPress plugin). The vulnerability is a DOM-based XSS caused by improper input neutralization during web page generation, impacting ElementInvader Addons for Elementor versions from n/a through 1.3.0. The Red Hat/ENISA and Patchstack e...
WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nirmal Kavaiya in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.1...
WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf in WordPress Plugin All Embed – Elementor Addons versions = 1.1.3...
WordPress ElementInvader Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Michael in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.3...
WordPress ElementInvader Addons for Elementor plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.0...
CVE-2024-13354
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. Thi...
CVE-2024-13354
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. Thi...
CVE-2024-13335
The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoderthemeinstallfunc function in all versions up to, and including, 1.0.14. This makes it possible for authenticated...
CVE-2024-13335
The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoderthemeinstallfunc function in all versions up to, and including, 1.0.14. This makes it possible for authenticated...
CVE-2024-13335 Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spexo Theme Install
The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoderthemeinstallfunc function in all versions up to, and including, 1.0.14. This makes it possible for authenticated...
CVE-2024-13335
CVE-2024-13335 affects Spexo Addons for Elementor (WordPress plugin) and is due to a missing capability check in the tmpcoder_theme_install_func() function. The vulnerability exists in all versions up to and including 1.0.14, enabling authenticated attackers with Subscriber-level access and above...
CVE-2024-13354
CVE-2024-13354 affects the WordPress plugin family “Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates.” The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in multiple widgets caused by insufficient input sanitization and output escaping. It is explo...