CVE-2024-13335 Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spexo Theme Install

The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoderthemeinstallfunc function in all versions up to, and including, 1.0.14. This makes it possible for authenticated...

CVE-2024-13354 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. Thi...

WordPress plugin ElementInvader Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-5449 · Unknown · Elementinvader Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor versions 1.3.1 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For...

PT-2025-2129 · WordPress · Responsive Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress versions up to, and including, 1.6.4 Description: The issue is related to Stored Cross-Site Scripting via HTML tags in several widgets...

WordPress plugin ElementInvader Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-5543

Name of the Vulnerable Software and Affected Versions ElementInvader Addons for Elementor versions 1.3.3 and earlier Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...

PT-2025-5418 · Elementor · Elementinvader Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor versions 1.3.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potentia...

WordPress plugin Spexo Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Responsive Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress plugin ElementInvader Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-5431 · Bplugins · Bplugins All Embed – Elementor Addons

Name of the Vulnerable Software and Affected Versions: bPlugins All Embed – Elementor Addons versions 1.1.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means an attacker can...

CVE-2024-12043

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sociallinktitle' parameter of the 'blog' widget in all versions up to, and including, 3.16.5 due to insufficient...

PT-2025-1734 · WordPress · The Prime Slider – Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Prime Slider – Addons For Elementor plugin for WordPress versions up to, and including, 3.16.5 Description: The issue concerns a Stored Cross-Site Scripting vulnerability. It is caused by insufficient input sanitization and output escaping,...

WordPress Prime Slider – Addons For Elementor plugin <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Prime Slider – Addons For Elementor versions = 3.16.5...

CVE-2025-23578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...

CVE-2025-23578 WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...

CVE-2025-23578 WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Custom CSS Addons css-addons allows Reflected XSS.This issue affects Custom CSS Addons: from n/a through = 1.9.1...

CVE-2025-23578

CVE-2025-23578 relates to NotFound Custom CSS Addons and is described as a Reflected XSS in the plugin’s web page generation. Affected versions are listed as not explicit in the initial document (noted as from n/a through 1.9.1). Red Hat’s CISA-facing entry reiterates the same description without...

WordPress plugin Custom CSS Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...