Lucene search
K

12479 matches found

NVD
NVD
added 12 hours ago5 views

CVE-2026-61976

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through = 1.5.0...

5.3CVSS
Exploits0References1
NVD
NVD
added 12 hours ago4 views

CVE-2026-57804

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...

7.5CVSS
Exploits0References1
NVD
NVD
added 12 hours ago2 views

CVE-2026-57718

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates unlimited-elements-for-elementor allows Reflected XSS.This issue affects Unlimited Elements For Elementor Free...

7.1CVSS
Exploits0References1
NVD
NVD
added 12 hours ago3 views

CVE-2026-57376

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.3...

7.1CVSS
Exploits0References1
CVE
CVE
added 14 hours ago13 views

CVE-2026-57804

CVE-2026-57804 describes an PHP Local File Inclusion in CodexThemes TheGem Theme Elements (for Elementor), specifically TheGem Theme Elements for Elementor up to version 5.11.1. The issue arises from improper control of the filename used in include/require statements, enabling an attacker with au...

7.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 14 hours ago9 views

CVE-2026-61976 WordPress JetBlocks For Elementor plugin <= 1.5.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through = 1.5.0...

5.3CVSS
Exploits0References1
CVE
CVE
added 14 hours ago9 views

CVE-2026-61976

CVE-2026-61976 affects Crocoblock JetBlocks For Elementor (WordPress plugin) up to version 1.5.0. The vulnerability is described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere, enabling retrieval of embedded sensitive data. CVSS 3.1 metrics indicate a Network att...

5.3CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-57718 WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates unlimited-elements-for-elementor allows Reflected XSS.This issue affects Unlimited Elements For Elementor Free...

7.1CVSS
Exploits0References1
CVE
CVE
added 14 hours ago5 views

CVE-2026-57376

CVE-2026-57376 : DOM-based cross-site scripting in WordPress plugin “ElementInvader Addons for Elementor” (elementinvader-addons-for-elementor) allows XSS via improper input neutralization. Affected: versions

7.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 14 hours ago6 views

CVE-2026-57376 WordPress ElementInvader Addons for Elementor plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.3...

7.1CVSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago143 views

WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. id: CVE-2023-32243 info: name: WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset author:...

9.8CVSS7.1AI score0.75531EPSS
Exploits8References5
Nuclei
Nuclei
added 18 hours ago44 views

WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting

WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model. id: CVE-2022-29455 info: name: WordPress Elementor Website Builder = 3.5.5 - DOM Cross-Site Scripting author: rotembar,daffainfo severity: medium...

6.1CVSS6.4AI score0.2318EPSS
Exploits7References5
Nuclei
Nuclei
added 18 hours ago68 views

Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-24358 info: name: Plus Addons for Elementor Page Builder 4.1.10 - Open Redirect...

6.1CVSS6.3AI score0.02295EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago62 views

WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting

WordPress The Plus Addons for Elementor plugin before 4.1.12 is susceptible to cross-site scripting. The plugin does not properly sanitize some of its fields in the heplusmorepost AJAX action, which is exploitable by both unauthenticated and authenticated users. An attacker can inject arbitrary...

6.1CVSS6AI score0.02483EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago635 views

WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload

Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version...

9.8CVSS6.9AI score0.81695EPSS
Exploits18References5
Nuclei
Nuclei
added 18 hours ago88 views

WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting

WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash. id: CVE-2021-24891 info: name: WordPress Elementor Website Builder 3.1.4 - Cross-Site Scripting author:...

6.1CVSS6.4AI score0.24006EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago945 views

WordPress Elementor 3.18.1 - File Upload/Remote Code Execution

The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server. id: CVE-2023-48777 info: name: WordPress Elementor 3.18.1 - File...

9.9CVSS7.3AI score0.041EPSS
Exploits3References2
Nuclei
Nuclei
added 18 hours ago10 views

Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting

Unlimited Elements For Elementor Free Widgets, Addons, Templates versions up to 1.5.93 contain a reflected cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in the victim's browser, exploit requires attacker to...

7.1CVSS7AI score0.0074EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago54 views

Ally – Web Accessibility & Usability <= 4.0.3 - SQL Injection

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

7.5CVSS6.7AI score0.02289EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago12 views

HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation

The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the regrole parameter on the htmegaajaxregister function. This makes it possible for unauthenticated attackers to create administrator accounts. id...

9.8CVSS6.2AI score0.03043EPSS
Exploits0References4
Rows per page
Query Builder