CVE-2024-2385

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.4 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

EUVD-2025-24907

Malicious code in bioql PyPI...

CVE-2024-43342

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4...

CVE-2024-2539

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget 'id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-1461

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-7247

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input...

CVE-2024-3639

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes like 'gridskin'. This makes it...

CVE-2023-2189

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

CVE-2023-1807

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the togglewidget function. This makes it possible for unauthenticated attackers t...

CVE-2025-32196

CVE-2025-32196: News Kit Elementor Addons (News Kit Elementor Addons) vulnerable to Stored XSS due to insufficient input handling; authenticated users (Contributor+) can exploit it. Affected versions include up to 1.3.1; patch status is Unpatched per Wordfence/related sources in connected documen...

CVE-2025-31813 WordPress WPSHARE247 Elementor Addons plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Website366.com WPSHARE247 Elementor Addons allows Stored XSS. This issue affects WPSHARE247 Elementor Addons: from n/a through 2.1...

WordPress Plugin Elementor Addons AI Addons Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin Elementor Addons AI Addons version...