CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/02/02 6:44 a.m.•5 views

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Royal Elementor Addons versions = 1.7.1001...

6.4CVSS7.3AI score0.00399EPSS

Patchstack•added 2026/01/30 6:16 a.m.•6 views

WordPress Element Pack Elementor Addons plugin < 5.10.3 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Element Pack Elementor Addons versions 5.10.3...

5.4CVSS5.9AI score0.00342EPSS

Exploits1References1Affected Software1

RedhatCVE•added 2026/01/29 3:18 p.m.•6 views

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

RedhatCVE•added 2026/01/29 9:24 a.m.•13 views

Exploits0References1

CVE-2025-9082

The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping when dynamic content is enabled. This makes it possible for authenticat...

Patchstack•added 2026/01/28 9:37 p.m.•7 views

Exploits0References1

WordPress WP Adminify plugin <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability

Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability discovered by ibrahimsql in WordPress Plugin WP Adminify versions = 4.0.7.7...

Cvelist•added 2026/01/28 2:25 p.m.•28 views

CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API

5.3CVSS0.00247EPSS

Exploits0References3

Vulnrichment•added 2026/01/28 2:25 p.m.•4 views

CVE-2026-1060 WP Adminify <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API

CVE•added 2026/01/28 2:25 p.m.•19 views

Exploits0References3

CVE-2026-1060

CVE-2026-1060 concerns the WordPress plugin WP Adminify. The vulnerability allows unauthenticated access to sensitive addon information via the REST endpoint /wp-json/adminify/v1/get-addons-list. The endpoint is registered with a permisssion_callback of __return_true, enabling any user to retriev...

Patchstack•added 2026/01/28 1:20 p.m.•3 views

Exploits0References3

WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Enter Addons versions = 2.3.2...

4.3CVSS5.3AI score0.00098EPSS

Exploits0Affected Software1

Patchstack•added 2026/01/28 11:26 a.m.•5 views

WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin News Kit Elementor Addons versions = 1.4.2...

4.3CVSS5.4AI score0.00185EPSS

Exploits0Affected Software1

NVD•added 2026/01/28 7:15 a.m.•8 views

CVE-2025-9082

6.4CVSS0.0027EPSS

CVE•added 2026/01/28 6:43 a.m.•23 views

CVE-2025-9082

CVE-2025-9082 concerns the WPBITS Addons For Elementor plugin (WordPress). The vulnerability is a Stored Cross-Site Scripting in multiple widget parameters when dynamic content is enabled, exploitable by authenticated users with contributor-level permissions and above. Root cause is insufficient ...

Cvelist•added 2026/01/28 6:43 a.m.•36 views

CVE-2025-9082 WPBITS Addons For Elementor <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.0027EPSS

EUVD•added 2026/01/28 6:43 a.m.•5 views

EUVD-2025-206504

ATTACKERKB•added 2026/01/28 6:43 a.m.•5 views

CVE-2025-9082

Patchstack•added 2026/01/28 1:36 a.m.•6 views

Exploits0References6

WordPress WPBITS Addons For Elementor plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.8...

6.4CVSS5.9AI score0.0027EPSS

Positive Technologies•added 2026/01/28 12:0 a.m.•5 views

PT-2026-5065

CNNVD•added 2026/01/28 12:0 a.m.•5 views

Exploits0References6

WordPress plugin WP Adminify has a vulnerability related to information leakage.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.3CVSS5.8AI score0.00247EPSS

Exploits0References4

Positive Technologies•added 2026/01/28 12:0 a.m.•7 views

PT-2026-5125

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission callback set to return true, allowing unauthenticated...