CVE-2025-69403

Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files.This issue affects Bravis Addons: from n/a through = 1.1.9...

CVE-2025-69403 WordPress Bravis Addons plugin <= 1.3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files.This issue affects Bravis Addons: from n/a through = 1.3.0...

CVE-2025-68531

CVE-2025-68531 applies to ModelTheme Addons for WPBakery and Elementor (modeltheme-addons-for-wpbakery). Deserialization of untrusted data allows PHP object injection in versions before 1.5.6; authenticated (Contributor+) exploit shown in PT-2026 advisories. Patch: upgrade to v1.5.6 or later. Imp...

CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...

CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...

CVE-2025-60087

The CVE-2025-60087 entry describes a Local File Inclusion in the WordPress plugin Extensive VC Addons for WPBakery page builder (versions up to and including 1.9.1). The root cause is improper control of filename for include/require statements in PHP, enabling LFI via PHP Include/Require operatio...

CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...

CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...

CVE-2024-50452

CVE-2024-50452 affects the WordPress Nexter Blocks: the-plus-addons-for-block-editor, with a stored XSS flaw caused by improper input neutralization during web page generation. Exploitation could occur via vulnerable blocks in Nexter Blocks versions up to and including 3.3.3, enabling stored scri...

CVE-2024-52387

CVE-2024-52387 concerns a stored XSS in WordPress plugin Master Addons for Elementor (Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations). The Red Hat/NVD entries describe an improper neutralization of input during web page generation, enablin...

CVE-2024-52387 WordPress Master Addons plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

CVE-2024-50452 WordPress Nexter Blocks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexter Blocks: from n/a through = 3.3.3...

CVE-2024-52387 WordPress Master Addons plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through = 2.0.9.9.4...

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

CVE-2026-2486

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maelbhtablebtntext' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-2486

CVE-2026-2486 concerns the WordPress plugin Master Addons For Elementor. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the parameter ma_el_bh_table_btn_text in versions up to and including 2.1.1, caused by insufficient input sanitization and output escaping. The exposure all...

CVE-2026-2486

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maelbhtablebtntext' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-2486 Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text'

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maelbhtablebtntext' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-2486 Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text'

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maelbhtablebtntext' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin ModelTheme Addons for WPBakery and Elementor 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...