WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Custom CSS Addons versions = 1.9.1...

CVE-2025-22786

Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6...

CVE-2025-22758

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Harnani Elementor AI Addons ai-addons-for-elementor allows DOM-Based XSS.This issue affects Elementor AI Addons: from n/a through = 2.2.1...

CVE-2025-22758 WordPress Elementor AI Addons plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Harnani Elementor AI Addons ai-addons-for-elementor allows DOM-Based XSS.This issue affects Elementor AI Addons: from n/a through = 2.2.1...

CVE-2025-22758 WordPress Elementor AI Addons plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Harnani Elementor AI Addons ai-addons-for-elementor allows DOM-Based XSS.This issue affects Elementor AI Addons: from n/a through = 2.2.1...

CVE-2025-22758

CVE-2025-22758 is an authenticated DOM-based Cross-Site Scripting vulnerability in Elementor AI Addons (70 Widgets, Premium Templates, Ultimate Elements) caused by improper input neutralization during web page generation. Affected: Elementor AI Addons versions up to 2.2.1. Impact per the provider...

CVE-2025-22786 WordPress ElementInvader Addons for Elementor plugin <= 1.2.6 - Local File Inclusion vulnerability

Path Traversal: '.../...//' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.2.6...

CVE-2025-22786

CVE-2025-22786 corresponds to a Path Traversal vulnerability in ElementInvader Addons for Elementor. The issue enables PHP Local File Inclusion via authenticated access (Contributor+ level) in ElementInvader Addons for Elementor

CVE-2025-22786 WordPress ElementInvader Addons for Elementor plugin <= 1.2.6 - Local File Inclusion vulnerability

Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6...

CVE-2024-10775

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVE-2024-10775

The CVE CVE-2024-10775 concerns the Piotnet Addons For Elementor WordPress plugin. Affected versions include all up to 2.4.32. The root cause is insufficient restrictions in the pafe-template shortcode, enabling Information Exposure. The vulnerability allows authenticated attackers with Contribut...

CVE-2024-10775 Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVE-2024-10775 Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

WordPress plugin ElementInvader Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-4700 · Unknown · Elementinvader Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor versions 1.2.6 and earlier Description: The issue is related to a Path Traversal vulnerability in ElementInvader Addons for Elementor, which allows PHP Local File Inclusion. Recommendations: For...

WordPress plugin Elementor AI Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin.... A cross-site scripting...

WordPress plugin Piotnet Addons For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1605 · WordPress · Piotnet Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Piotnet Addons For Elementor plugin for WordPress versions up to, and including, 2.4.32 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by...

WordPress Piotnet Addons For Elementor plugin <= 2.4.32 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Piotnet Addons For Elementor versions = 2.4.32...

CVE-2025-0393

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wprfiltergridposts function. This makes it possible for unauthenticated attackers t...