Lucene search
K

573 matches found

Vulnrichment
Vulnrichment
added 2025/12/31 2:59 p.m.2 views

CVE-2025-63053 WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4...

5.3CVSS6.6AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 6:0 a.m.33 views

CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

0.00245EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Anber Elementor Addon plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner button link vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Banner button link vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Anber Elementor Addon versions = 1.0.1...

6.4CVSS5.9AI score0.00185EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Essential Addons for Elementor plugin <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Event Calendar Widget vulnerability discovered by zer0gh0st in WordPress Plugin Essential Addons for Elementor versions = 6.1.12...

6.4CVSS5.9AI score0.00176EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/12/30 11:16 a.m.2 views

CVE-2025-69092

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows DOM-Based XSS.This issue affects Essential Addons for Elementor: from n/a through = 6.5.3...

6.5CVSS5.8AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.5 views

CVE-2025-68500

Server-Side Request Forgery SSRF vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through = 4.0.10...

4.9CVSS7AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2025/12/24 1:16 p.m.6 views

CVE-2025-68494

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through = 4.11.53...

5.3CVSS0.00305EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.4 views

WordPress plugin Prime Slider – Addons For Elementor 安全漏洞

WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...

4.9CVSS6.8AI score0.00154EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.8 views

PT-2025-53075

Name of the Vulnerable Software and Affected Versions Leap13 Premium Addons for Elementor versions through 4.11.53 Description A flaw exists in Leap13 Premium Addons for Elementor that could allow unauthorized retrieval of sensitive data. The issue involves the exposure of sensitive system...

7.5CVSS6.1AI score0.00305EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.4 views

PT-2025-53153

Name of the Vulnerable Software and Affected Versions Master Addons for Elementor versions through 2.0.5.3 Description A missing authorization flaw exists in Jewel Theme Master Addons for Elementor, allowing exploitation due to incorrectly configured access control security levels. Recommendation...

6.5CVSS6.6AI score0.00247EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/18 9:44 p.m.8 views

WordPress Prime Slider – Addons for Elementor plugin <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by Deadbee - NA in WordPress Plugin Prime Slider – Addons For Elementor versions = 4.0.9...

4.3CVSS6.8AI score0.00279EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/12/16 9:15 a.m.5 views

CVE-2025-67951

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...

6.5CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:12 a.m.29 views

CVE-2025-67951 WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...

6.5CVSS0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 8:12 a.m.2 views

CVE-2025-67951 WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through = 1.2.10...

6.5CVSS6AI score0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.11 views

PT-2025-51435

Name of the Vulnerable Software and Affected Versions WPZOOM Addons for Elementor versions through 1.2.10 Description The software contains a flaw related to improper input handling during web page creation, specifically a DOM-Based Cross-site Scripting issue. This allows for potential malicious...

6.5CVSS6.9AI score0.00156EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/15 6:35 p.m.7 views

WordPress Addon Elements for Elementor plugin <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Elementor Addon Elements versions = 1.14.3...

6.4CVSS5.5AI score0.00221EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/14 5:21 a.m.3 views

CVE-2025-12537 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

6.4CVSS4.8AI score0.00221EPSS
Exploits0References2
CVE
CVE
added 2025/12/14 5:21 a.m.22 views

CVE-2025-12537

The WordPress plugin Addon Elements for Elementor is affected by a Stored Cross-Site Scripting (XSS) vulnerability in versions up to 1.14.3 due to insufficient input filtering and output escaping across multiple widget parameters. An authenticated attacker with Contributor-level access or higher ...

6.4CVSS4.8AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/14 5:21 a.m.22 views

CVE-2025-12537 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

6.4CVSS0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/14 12:0 a.m.6 views

PT-2025-51147

The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, wi...

6.4CVSS5.1AI score0.00221EPSS
Exploits0References2
Rows per page
Query Builder