WordPress plugin WPZOOM Addons for Elementor – Starter Templates & Widgets 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-7511

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax post grid load more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated...

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.2 - Unauthenticated Protected Post Exposure via ajaxpostgridloadmore vulnerability discovered by Webbernaut in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.2...

📄 WordPress Royal Elementor Addons 1.3.78 Shell Upload

WordPress Royal Elementor Addons plugin version 1.3.78 remote shell upload proof of concept exploit. ============================================================================================================================================= | Title : WordPress Royal Elementor Addons 1.3.78 RCE ...

WordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin ElementInvader Addons for Elementor versions = 1.4.1...

CVE-2026-25014

Cross-Site Request Forgery CSRF vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through = 2.3.2...

CVE-2026-25028

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-24982

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.17...

CVE-2026-24945

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through = 3.5.34...

CVE-2026-1210

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elementordata' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress TopperPack – Complete Elementor Addons, theme & CPT Builder plugin <= 1.2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Skalucy in WordPress Plugin TopperPack – Complete Elementor Addons, Theme & CPT Builder versions = 1.2.1...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Missing Authorization via wpr_update_form_action_meta vulnerability

Missing Authorization via wprupdateformactionmeta vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.3.87...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via add_to_compare vulnerability

Cross-Site Request Forgery via addtocompare vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.3.87...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via remove_from_compare vulnerability

Cross-Site Request Forgery via removefromcompare vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.3.87...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via remove_from_wishlist vulnerability

Cross-Site Request Forgery via removefromwishlist vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.3.87...

CVE-2026-25028

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-25014

Cross-Site Request Forgery CSRF vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through = 2.3.2...

CVE-2026-24945

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through = 3.5.34...

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...

CVE-2026-25028

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...