Lucene search
+L

211 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.33 views

CVE-2025-1261

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.8 views

CVE-2024-2664

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00451EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Spexo Addons for Elementor plugin <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Sastra Essential Addons for Elementor versions = 1.0.23...

6.4CVSS5.9AI score0.00222EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/14 8:45 a.m.10 views

CVE-2025-8687

The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/14 7:59 a.m.12 views

CVE-2025-8779

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.7 views

EUVD-2025-203241

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS4.6AI score0.00189EPSS
Exploits0References4
NVD
NVD
added 2025/12/13 4:16 p.m.6 views

CVE-2025-8779

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/13 8:21 a.m.5 views

CVE-2025-8687 Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets

The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00189EPSS
Exploits0References3
CVE
CVE
added 2025/12/13 8:21 a.m.22 views

CVE-2025-8687

CVE-2025-8687 refers to the WordPress plugin Enter Addons (formerly Elementor Addon Elements) vulnerability. The issue is a Stored Cross-Site Scripting (XSS) in the Countdown and Image Comparison widgets affecting all versions up to and including 2.2.7, caused by insufficient input sanitization a...

6.4CVSS4.7AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/13 8:21 a.m.31 views

CVE-2025-8687 Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets

The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/13 7:21 a.m.29 views

CVE-2025-8779 All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00189EPSS
Exploits0References3
CVE
CVE
added 2025/12/13 7:21 a.m.24 views

CVE-2025-8779

CVE-2025-8779: All-in-One Addons for Elementor – WidgetKit (WordPress) is affected by a stored XSS in the Team and Countdown widgets due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticated access at contributor level or higher, e...

6.4CVSS4.7AI score0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/13 7:21 a.m.4 views

CVE-2025-8779 All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS4.7AI score0.00189EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/13 3:19 a.m.6 views

WordPress Enter Addons plugin <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Enter Addons versions = 2.2.7...

6.4CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/13 1:54 a.m.13 views

WordPress All-in-One Addons for Elementor – WidgetKit plugin <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Team and Countdown Widgets vulnerability discovered by zer0gh0st in WordPress Plugin WidgetKit versions = 2.5.6...

6.4CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.8 views

WordPress plugin All-in-One Addons for Elementor – WidgetKit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6.1AI score0.00189EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.6 views

WordPress plugin Enter Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6AI score0.00189EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.10 views

PT-2025-51107

The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown and Image Comparison widgets in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00189EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51093

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team and Countdown widgets in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5AI score0.00189EPSS
Exploits0References3
NVD
NVD
added 2025/10/22 9:15 a.m.4 views

CVE-2025-11880

The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00176EPSS
Exploits0References2
Rows per page
Query Builder