CVE-2026-3311

The CVE-2026-3311 family concerns The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce (WordPress) up to version 6.4.9. All connected sources describe a Stored Cross-Site Scripting vulnerability via the Progress Bar shortcode caused by insufficient...

CVE-2026-3311 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization an...

CVE-2026-4341

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

WordPress Element Pack Addons for Elementor plugin <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SVG Image Widget vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions = 8.4.2...

PT-2026-31139

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.7.0...

PT-2026-31081

Name of the Vulnerable Software and Affected Versions Prime Slider – Addons for Elementor plugin for WordPress versions up to and including 4.1.10 Description The Prime Slider – Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient...

PT-2026-31086

Name of the Vulnerable Software and Affected Versions The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress versions up to and including 6.4.9 Description The Plus Addons for Elementor plugin for WordPress is susceptible to Stor...

PT-2026-31201

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through = 9.0...

PT-2026-31265

Name of the Vulnerable Software and Affected Versions WPBITS Addons For Elementor Page Builder versions through 1.8.1 Description WPBITS Addons For Elementor Page Builder is susceptible to a Stored Cross-Site Scripting XSS issue due to improper neutralization of input during web page generation...

WordPress plugin Prime Slider – Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin themesflat-addons-for-elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin Livemesh Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

PT-2026-31264

Name of the Vulnerable Software and Affected Versions Wealcoder Animation Addons for Elementor versions through 2.6.1 Description Animation Addons for Elementor is susceptible to a DOM-Based Cross-Site Scripting XSS issue due to improper neutralization of input during web page generation. This...

WordPress plugin Animation Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar vulnerability

WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 6.4.9 - Authenticated Contributor+ Stored Cross-Site Scripting via Progress Bar vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in...

Exploit for Cross-site Scripting in Exclusiveaddons Exclusive_Addons_For_Elementor

WP-Hunter MCP - Autonomous Bug Bounty Hunting MCP SERVER...

CVE-2025-13368

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting in all versions up to, and including, 1.4.20 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-0664

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttontext' parameter in all versions up to, and including, 1.7.1049 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...