
12 matches found

NVD
added 2026/04/18 5:16 a.m. · 2 views

CVE-2026-6048

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL custom_attributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses esc_html ...

6.4 CVSS · 0.00014 EPSS
Exploits: 0 · References: 5
CVE
added 2026/04/18 3:37 a.m. · 11 views

CVE-2026-6048

The Flipbox Addon for Elementor (WordPress) contains a Stored Cross-Site Scripting (XSS) vulnerability in the Flipbox widget button URL parameter custom_attributes. In versions up to 2.1.1, it validates attribute names with esc_html(), which does not block event handler attributes (e.g., onmouseo...

6.4 CVSS · 5.9 AI score · 0.00014 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2026/04/18 12:0 a.m. · 2 views

PT-2026-33589

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL custom attributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses esc htm...

6.4 CVSS · 5.9 AI score · 0.00014 EPSS
Exploits: 0 · References: 6
EUVD
added 2026/03/19 9:30 a.m. · 1 views

EUVD-2026-13072

The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnUrl' parameter within the Info Cards block in all versions up to, and including, 2.0.7. This is due to insufficient input validation on URL schemes, specifically the...

6.4 CVSS · 6 AI score · 0.00063 EPSS
Exploits: 0 · References: 9
ATTACKERKB
added 2026/03/19 6:46 a.m. · 1 views

CVE-2026-4120

The Info Cards – Add Text and Media in Card Layouts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnUrl' parameter within the Info Cards block in all versions up to, and including, 2.0.7. This is due to insufficient input validation on URL schemes, specifically the...

6.4 CVSS · 6 AI score · 0.00063 EPSS
Exploits: 0 · References: 9
OSV
added 2026/01/07 5:16 p.m. · 0 views

CVE-2025-66686

A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...

6.1 CVSS · 5.9 AI score
Exploits: 0 · References: 2
CNNVD
added 2026/01/07 12:0 a.m. · 1 views

Perch CMS Security Vulnerability

Perch CMS is a content management system from Perch. A security vulnerability exists in Perch CMS version 3.2, which stems from a stored cross-site script in the Help button url setting in the admin panel, which could lead to session hijacking, information disclosure, elevation of privilege, or...

6.1 CVSS · 6.2 AI score · 0.00068 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2026/01/07 12:0 a.m. · 1 views

CVE-2025-66686

A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...

5.3 AI score · 0.00068 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2026/01/07 12:0 a.m. · 1 views

PT-2026-1860

Name of the Vulnerable Software and Affected Versions: Perch CMS version 3.2 Description: A stored Cross-Site Scripting (XSS) issue exists in Perch CMS. An attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The...

6.1 CVSS · 5.6 AI score · 0.00068 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2025/08/16 12:0 a.m. · 2 views

PT-2025-33525 · WordPress · Anber Elementor Addon

Name of the Vulnerable Software and Affected Versions: Anber Elementor Addon versions prior to 1.0.2 Description: The Anber Elementor Addon plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...

6.4 CVSS · 5.7 AI score · 0.00058 EPSS
Exploits: 0 · References: 6
RedhatCVE
added 2025/05/23 8:22 a.m. · 1 views

CVE-2024-1157

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and...

5.4 CVSS · 4.9 AI score · 0.00096 EPSS
Exploits: 0 · References: 1
OSV
added 2024/02/13 10:15 a.m. · 1 views

CVE-2024-1157

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and...

5.4 CVSS · 5.9 AI score
Exploits: 0 · References: 3