EUVD-2026-5289

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elementordata' meta field in all versions up to, and including, 3.20.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-6231

Name of the Vulnerable Software and Affected Versions Spectra ultimate-addons-for-gutenberg versions through 2.19.17 Description An authorization issue exists in Brainstorm Force Spectra ultimate-addons-for-gutenberg, allowing exploitation of incorrectly configured access control security levels...

WordPress plugin Happy Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin Ultimate Addons for Contact Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

WordPress plugin Enter Addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin ElementInvader Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-6219

Name of the Vulnerable Software and Affected Versions Themefic Ultimate Addons for Contact Form 7 versions through 3.5.34 Description An issue exists in Themefic Ultimate Addons for Contact Form 7 related to incorrectly configured access control security levels, potentially allowing unauthorized...

PT-2026-6031

Name of the Vulnerable Software and Affected Versions Happy Addons for Elementor plugin versions up to and including 3.20.7 Description The Happy Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escapi...

PT-2026-6247

Name of the Vulnerable Software and Affected Versions themelooks Enter Addons versions prior to 2.3.3 Description A Cross-Site Request Forgery CSRF issue exists in themelooks Enter Addons. This allows attackers to perform actions on behalf of authenticated users without their knowledge. The issue...

PT-2026-6257

Name of the Vulnerable Software and Affected Versions ElementInvader Addons for Elementor versions through 1.4.1 Description An issue exists in ElementInvader Addons for Elementor where incorrectly configured access control security levels can be exploited, leading to a missing authorization...

WordPress Happy Addons for Elementor plugin <= 3.20.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_elementor_data' Meta Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'elementordata' Meta Field vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Happy Addons for Elementor versions = 3.20.7...

WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Price List Widget vulnerability discovered by wesley wcraft in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Animated Text Widget vulnerability discovered by wesley wcraft in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Slider Widget vulnerability discovered by 0liveira in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Team Members Widget vulnerability discovered by Nikolas - mdr in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Carousel Widget vulnerability discovered by RandomRoot in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Multislider Widget vulnerability discovered by Drian - Pato Academy in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

WordPress Happy Addons for Elementor plugin <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Photo Stack Widget vulnerability discovered by RandomRoot in WordPress Plugin Happy Addons for Elementor versions = 3.10.3...

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Messenger Chat Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multi Scroll Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...