Lucene search
K

409 matches found

Patchstack
Patchstack
added 2026/04/08 3:28 a.m.6 views

WordPress Element Pack Addons for Elementor plugin <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SVG Image Widget vulnerability discovered by Webbernaut in WordPress Plugin Element Pack Elementor Addons versions = 8.4.2...

6.4CVSS5.9AI score0.00387EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31111

Name of the Vulnerable Software and Affected Versions The Element Pack Addons for Elementor plugin for WordPress versions up to and including 8.4.2 Description The Element Pack Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the SVG Image Widget. Th...

6.4CVSS6AI score0.00387EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.14 views

WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00387EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/03/23 3:10 p.m.6 views

WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Element Pack Elementor Addons versions = 8.4.2...

7.6CVSS6AI score0.00236EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/16 7:8 a.m.12 views

CVE-2026-1793

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/02/15 4:15 a.m.5 views

CVE-2026-1793

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS0.00308EPSS
Exploits0References3
CVE
CVE
added 2026/02/15 3:24 a.m.17 views

CVE-2026-1793

The CVE-2026-1793 entry concerns the Element Pack Addons for Elementor plugin for WordPress. All versions up to and including 8.3.17 are vulnerable via the SVG widget due to insufficient file validation in the render_svg function, enabling authenticated attackers with contributor-level access or ...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/15 3:24 a.m.5 views

CVE-2026-1793 Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/15 3:24 a.m.6 views

CVE-2026-1793

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/15 3:24 a.m.5 views

EUVD-2026-5833

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/15 3:24 a.m.39 views

CVE-2026-1793 Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS0.00308EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.10 views

WordPress plugin Element Pack Addons for Elementor 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

6.5CVSS5.9AI score0.00308EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/03 12:14 p.m.7 views

WordPress Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.1...

6.4CVSS5.3AI score0.00244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:42 p.m.6 views

WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Price List Widget vulnerability discovered by wesley wcraft in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...

6.4CVSS5.2AI score0.00323EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:42 p.m.7 views

WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Panel Slider Widget vulnerability discovered by RandomRoot in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...

6.4CVSS5.2AI score0.00323EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 8:9 a.m.11 views

WordPress Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Element Pack Elementor Addons versions = 5.6.11...

6.4CVSS5.3AI score0.00337EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 6:41 a.m.9 views

WordPress Element Pack Elementor Addons plugin <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Open Map Widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.2...

5.4CVSS7.3AI score0.00258EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/30 6:16 a.m.8 views

WordPress Element Pack Elementor Addons plugin < 5.10.3 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Element Pack Elementor Addons versions 5.10.3...

5.4CVSS5.9AI score0.00349EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.5 views

CVE-2025-31413

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

4.3CVSS5.4AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:15 p.m.4 views

CVE-2025-31413

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

4.3CVSS0.00133EPSS
Exploits0References1
Rows per page
Query Builder