CVE-2025-6229 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget`

The Sina Extension for Elementor Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Text Widget And Countdown Widget DOM attributes in...

PT-2026-27062

The Sina Extension for Elementor Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Text Widget And Countdown Widget DOM attributes in...

EUVD-2024-38173

Malicious code in bioql PyPI...

CVE-2025-57999 WordPress WPKoi Templates for Elementor Plugin <= 3.4.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpkoithemes WPKoi Templates for Elementor allows DOM-Based XSS. This issue affects WPKoi Templates for Elementor: from n/a through 3.4.1...

CVE-2025-49262

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shaonsina Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.6.1...

CVE-2024-49234

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themeworm Plexx Elementor Extension plexx-elementor-extension allows DOM-Based XSS.This issue affects Plexx Elementor Extension: from n/a through = 1.3.6...

CVE-2025-31849

CVE-2025-31849 describes a Stored XSS in Nemesis All-in-One (Newspaper Builder Elementor Extension). The description notes improper input neutralization during web page generation, enabling stored cross-site scripting. Affected range per the CVE entry is Nemesis All-in-One: from n/a through 1.1.0...

CVE-2025-31849 WordPress Nemesis All-in-One plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fbtemplates Nemesis All-in-One nemesis-all-in-one allows Stored XSS.This issue affects Nemesis All-in-One: from n/a through = 1.1.3...

CVE-2024-12624

The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Image Differ widget in all versions up to, and including, 3.5.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

PT-2025-1919 · WordPress · Sina Extension For Elementor

Name of the Vulnerable Software and Affected Versions: Sina Extension for Elementor plugin for WordPress versions up to, and including, 3.5.91 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Sina Image Differ widget due to insufficient input sanitization and outp...

PT-2024-34718 · Unknown · Extender All In One For Elementor

Name of the Vulnerable Software and Affected Versions: Extender All In One For Elementor versions 1.0.3 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that...

CVE-2024-49234

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in themeworm Plexx Elementor Extension allows Stored XSS.This issue affects Plexx Elementor Extension: from n/a through 1.3.4...

CVE-2024-49234

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themeworm Plexx Elementor Extension plexx-elementor-extension allows DOM-Based XSS.This issue affects Plexx Elementor Extension: from n/a through = 1.3.6...

CVE-2024-49234 WordPress Plexx Elementor Extension plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themeworm Plexx Elementor Extension plexx-elementor-extension allows DOM-Based XSS.This issue affects Plexx Elementor Extension: from n/a through = 1.3.6...

CVE-2024-49234 WordPress Plexx Elementor Extension plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themeworm Plexx Elementor Extension plexx-elementor-extension allows DOM-Based XSS.This issue affects Plexx Elementor Extension: from n/a through = 1.3.6...

CVE-2024-49234

CVE-2024-49234 concerns the Plexx Elementor Extension for WordPress. The vulnerability is a Cross-Site Scripting (Stored XSS) flaw caused by improper input neutralization during web page generation, affecting Plexx Elementor Extension versions from n/a up to and including 1.3.4. Patchstack and CV...

PT-2024-33371 · Unknown · Plexx Elementor Extension

Name of the Vulnerable Software and Affected Versions: Plexx Elementor Extension versions 1.3.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations...

WordPress plugin Plexx Elementor Extension 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Sina Extension for Elementor plugin <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Sina Modal Box Widget Elementor Template vulnerability discovered by Nishiv in WordPress Plugin Sina Extension for Elementor versions = 3.5.7...

WordPress Plexx Elementor Extension plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Plexx Elementor Extension versions = 1.3.6...