CVE-2025-69374

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through =...

CVE-2025-69374 WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through =...

CVE-2026-2284

The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'necleandata' AJAX action. This makes it possible for authenticated attackers,...

CVE-2026-2284

CVE-2026-2284 concerns the News Element Elementor Blog Magazine plugin for WordPress (

WordPress plugin News Element Elementor Blog Magazine 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20640

The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne clean data' AJAX action. This makes it possible for authenticated attackers...

WordPress News Element Elementor Blog Magazine plugin <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss vulnerability

Missing Authorization to Authenticated Subscriber+ Data Loss vulnerability discovered by Legion Hunter in WordPress Plugin News Element Elementor Blog Magazine versions = 1.0.8...

EUVD-2025-9823

Malicious code in bioql PyPI...

CVE-2025-32191

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon News Element Elementor Blog Magazine news-element allows DOM-Based XSS.This issue affects News Element Elementor Blog Magazine: from n/a through = 1.0.9...

CVE-2025-32191

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon News Element Elementor Blog Magazine news-element allows DOM-Based XSS.This issue affects News Element Elementor Blog Magazine: from n/a through = 1.0.9...

CVE-2025-32191

CVE-2025-32191 affects News Element Elementor Blog Magazine (WordPress plugin), with versions up to 1.0.7. The connected document confirms a Stored Cross-Site Scripting (authenticated: Contributor+ required) vulnerability in how input is handled and surfaced in web page content. The core issue is...

CVE-2025-32191 WordPress News Element Elementor Blog Magazine plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon News Element Elementor Blog Magazine news-element allows DOM-Based XSS.This issue affects News Element Elementor Blog Magazine: from n/a through = 1.0.9...

CVE-2024-12043

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sociallinktitle' parameter of the 'blog' widget in all versions up to, and including, 3.16.5 due to insufficient...

CVE-2024-10663 Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission

The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbyeformcallback function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...

WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submission vulnerability

Missing Authorization to Authenticated Subscriber+ Deactivation Submission vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Eleblog – Elementor Blog And Magazine Addons versions = 1.8...

CVE-2024-6459 News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVE-2024-33945 WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in solverwp.Com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through 1.8...

PT-2024-25577 · Eleblog · Eleblog

Name of the Vulnerable Software and Affected Versions: Eleblog – Elementor Blog And Magazine Addons versions 1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...

WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Eleblog – Elementor Blog And Magazine Addons versions = 1.8...