573 matches found
CVE-2025-63053 WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4...
CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure
The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...
WordPress Anber Elementor Addon plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Banner button link vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Anber Elementor Addon versions = 1.0.1...
WordPress Essential Addons for Elementor plugin <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via Event Calendar Widget vulnerability discovered by zer0gh0st in WordPress Plugin Essential Addons for Elementor versions = 6.1.12...
CVE-2025-69092
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows DOM-Based XSS.This issue affects Essential Addons for Elementor: from n/a through = 6.5.3...
CVE-2025-68500
Server-Side Request Forgery SSRF vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through = 4.0.10...
CVE-2025-68494
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through = 4.11.53...
WordPress plugin Prime Slider – Addons For Elementor 安全漏洞
WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...
PT-2025-53075
Name of the Vulnerable Software and Affected Versions Leap13 Premium Addons for Elementor versions through 4.11.53 Description A flaw exists in Leap13 Premium Addons for Elementor that could allow unauthorized retrieval of sensitive data. The issue involves the exposure of sensitive system...
PT-2025-53153
Name of the Vulnerable Software and Affected Versions Master Addons for Elementor versions through 2.0.5.3 Description A missing authorization flaw exists in Jewel Theme Master Addons for Elementor, allowing exploitation due to incorrectly configured access control security levels. Recommendation...
WordPress Prime Slider – Addons for Elementor plugin <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by Deadbee - NA in WordPress Plugin Prime Slider – Addons For Elementor versions = 4.0.9...
CVE-2025-67951
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...
CVE-2025-67951 WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...
CVE-2025-67951 WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...
PT-2025-51435
Name of the Vulnerable Software and Affected Versions WPZOOM Addons for Elementor versions through 1.2.10 Description The software contains a flaw related to improper input handling during web page creation, specifically a DOM-Based Cross-site Scripting issue. This allows for potential malicious...
WordPress Addon Elements for Elementor plugin <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Elementor Addon Elements versions = 1.14.3...
CVE-2025-12537 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...
CVE-2025-12537
The WordPress plugin Addon Elements for Elementor is affected by a Stored Cross-Site Scripting (XSS) vulnerability in versions up to 1.14.3 due to insufficient input filtering and output escaping across multiple widget parameters. An authenticated attacker with Contributor-level access or higher ...
CVE-2025-12537 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...
PT-2025-51147
The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...