7270 matches found
CVE-2026-39636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through = 9.0...
CVE-2026-39500
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through = 2.3.2...
WordPress Plugin ElementsKit Elementor Addons and Templates Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ElementsKit Elementor Addon...
CVE-2026-4326
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...
CVE-2026-4326
CVE-2026-4326 concerns the Vertex Addons for Elementor plugin for WordPress, affecting all versions up to 1.6.4. The root cause is improper authorization enforcement in the activate_required_plugins() function: the capability check current_user_can('install_plugins') does not terminate execution ...
CVE-2026-4326
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...
CVE-2026-4326 Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via 'afeb_activate_required_plugins'
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...
EUVD-2026-20825
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...
CVE-2026-4326 Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via 'afeb_activate_required_plugins'
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...
PT-2026-31563
Name of the Vulnerable Software and Affected Versions Vertex Addons for Elementor plugin for WordPress versions up to and including 1.6.4 Description The Vertex Addons for Elementor plugin for WordPress is susceptible to a missing authorization issue. This is caused by insufficient authorization...
WordPress plugin Vertex Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
EUVD-2026-20292
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through = 9.0...
EUVD-2026-20129
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...
EUVD-2026-20165
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through = 2.3.2...
CVE-2026-39702
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...
CVE-2026-39703
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through = 1.8.1...
CVE-2026-39636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through = 9.0...
CVE-2026-39500
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through = 2.3.2...
CVE-2026-39703
CVE-2026-39703 is a Stored XSS vulnerability in the WordPress plugin WPBITS Addons For Elementor Page Builder , affecting versions through 1.8.1 . The issue arises from improper neutralization of input during web page generation, allowing injection of malicious scripts. Connected advisories consi...
EUVD-2026-20404
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...