WordPress plugin TopperPack – Complete Elementor Addons, Theme & CPT Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin Bravis Addons 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

WordPress plugin Download Manager Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-21010

Name of the Vulnerable Software and Affected Versions Master Addons For Elementor plugin for WordPress versions 2.1.1 and earlier Description The software is susceptible to a Stored Cross-Site Scripting issue because of inadequate input sanitization and output escaping. This allows authenticated...

PT-2026-21030

Name of the Vulnerable Software and Affected Versions Master Addons for Elementor versions through 2.0.9.9.4 Description A flaw exists in Master Addons for Elementor that allows for Stored Cross-site Scripting XSS. This issue arises from improper handling of user-supplied data during web page...

PT-2026-21090

Name of the Vulnerable Software and Affected Versions ModelTheme Addons for WPBakery and Elementor versions prior to 1.5.6 Description A flaw exists in ModelTheme Addons for WPBakery and Elementor that allows for Object Injection due to deserialization of untrusted data. This issue impacts the...

PT-2026-21184

Name of the Vulnerable Software and Affected Versions Bravis Addons versions through 1.1.9 Description The software contains a flaw due to unrestricted file upload with a dangerous file type. This allows the use of malicious files. Recommendations Update Bravis Addons to a version later than 1.1....

PT-2026-21237

Name of the Vulnerable Software and Affected Versions Shahjada Download Manager Addons for Elementor versions through 1.3.0 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. The vulnerabilit...

WordPress Master Addons For Elementor plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'maelbhtablebtntext' vulnerability discovered by Thanakorn Bunsin - KMITL in WordPress Plugin Master Addons for Elementor versions = 2.1.1...

CVE-2026-2386

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 6.4.7. This is due to the tpaecreatepage AJAX handler authorizing users only with...

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

CVE-2026-23543

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through = 6.5.5...

CVE-2026-25416

CVE-2026-25416 is a Missing Authorization (Broken Access Control) vulnerability in WordPress plugin News Kit Addons for Elementor (News Kit Elementor Addons) &lt;= 1.4.2. Affected component is the Elementor Addons News Kit plugin; root cause is incorrectly configured access control. CVSS 3.1 base...

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

CVE-2026-25416 WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

CVE-2026-23543 WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through = 6.5.5...

CVE-2026-23543 WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through = 6.5.5...

CVE-2026-23543

CVE-2026-23543 affects WPDeveloper Essential Addons for Elementor Lite (upto and including version 6.5.5). The root cause is Missing Authorization due to incorrectly configured access control, described as a Broken Access Control vulnerability. The NVD/Red Hat/CVE records consistently note this i...

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...