EUVD-2026-5311

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-25028 WordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-25028 WordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-25028

CVE-2026-25028 affects WordPress plugin ElementInvader Addons for Elementor (versions up to and including 1.4.1). The root cause is missing authorization due to incorrectly configured access control security levels, enabling unauthorized access. Vulnerable component: ElementInvader Addons for Ele...

CVE-2026-25014

CVE-2026-25014 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Enter Addons (themelooks) affecting Enter Addons versions from n/a up to and including 2.3.2. The CVSS v3.1 base score is 4.3 (Medium) with network attack vector, required user interaction, and part...

EUVD-2026-5298

Cross-Site Request Forgery CSRF vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through = 2.3.2...

CVE-2026-25014 WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through = 2.3.2...

CVE-2026-25014 WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through = 2.3.2...

CVE-2026-25014

Cross-Site Request Forgery CSRF vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through = 2.3.2...

CVE-2026-24982

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.17...

CVE-2026-24945 WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.34 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through = 3.5.34...

EUVD-2026-5189

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through = 3.5.34...

WordPress Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.1...

WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Plugin Installation vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Tutor LMS Elementor Addons versions = 2.1.5...

CVE-2026-1210

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elementordata' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Classic Addons - WPBakery Page Builder plugin <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion vulnerability

WordPress Classic Addons - WPBakery Page Builder plugin = 3.0 - Authenticated Contributor+ Limited Local PHP File Inclusion vulnerability discovered by Nishiv - Developer in WordPress Plugin Classic Addons – WPBakery Page Builder versions = 3.0...

WordPress ElementInvader Addons for Elementor plugin <= 1.3.1 - Missing Authorization to Arbitrary Options Read vulnerability

Missing Authorization to Arbitrary Options Read vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.1...

CVE-2026-1210

The CVE-2026-1210 entry describes a Stored Cross-Site Scripting vulnerability in the Happy Addons for Elementor WordPress plugin, affecting all versions up to 3.20.7. The root cause is insufficient input sanitization and output escaping in the '_elementor_data' meta field. Exploitation requires a...

CVE-2026-1210 Happy Addons for Elementor <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elementordata' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-1210

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elementordata' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...