CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2279 matches found

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...

9.8CVSS8.3AI score0.14462EPSS

Exploits3References2

Nuclei•added yesterday•6 views

Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting

Unlimited Elements For Elementor Free Widgets, Addons, Templates versions up to 1.5.93 contain a reflected cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in the victim's browser, exploit requires attacker to...

7.1CVSS8.1AI score0.0074EPSS

Exploits0References3

Nuclei•added yesterday•10 views

HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation

The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the regrole parameter on the htmegaajaxregister function. This makes it possible for unauthenticated attackers to create administrator accounts. id...

9.8CVSS5.7AI score0.03043EPSS

Exploits0References4

NVD•added 2 days ago•5 views

CVE-2026-45437

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS0.00175EPSS

Exploits0References1

Cvelist•added 2 days ago•23 views

CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

9.8CVSS0.00383EPSS

Exploits0References1

EUVD•added 2 days ago•3 views

EUVD-2026-36840

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References1

Cvelist•added 2 days ago•22 views

CVE-2026-25440 WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Essential Addons for Elementor 6.6.0 versions...

5.3CVSS0.00214EPSS

Exploits0References1

Positive Technologies•added 2 days ago•4 views

PT-2026-49478

Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...

6.5CVSS5.1AI score0.00205EPSS

Exploits0References2

RedhatCVE•added 6 days ago•8 views

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00206EPSS

Exploits0References1

NVD•added last week•8 views

CVE-2026-8613

6.4CVSS0.00206EPSS

Exploits0References8

Cvelist•added last week•36 views

CVE-2026-8613 aThemes Addons for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget Setting

6.4CVSS0.00206EPSS

Exploits0References8

NVD•added last week•11 views

CVE-2025-8444

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS0.00156EPSS

Exploits0References2

EUVD•added 2026/06/10 4:31 a.m.•9 views

EUVD-2025-210103

6.4CVSS5.7AI score0.00156EPSS

Exploits0References2

Patchstack•added 2026/06/09 6:49 p.m.•6 views

WordPress aThemes Addons for Elementor plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin aThemes Addons for Elementor versions = 1.1.8...

6.4CVSS5.4AI score0.00206EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/09 3:41 a.m.•28 views

CVE-2026-11603 Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00205EPSS

Exploits0References2

Vulnrichment•added 2026/06/09 3:41 a.m.•5 views

CVE-2026-11603 Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter

6.1CVSS5.7AI score0.00205EPSS

Exploits0References2

EUVD•added 2026/06/09 3:41 a.m.•6 views

EUVD-2026-35316

6.1CVSS5.7AI score0.00205EPSS

Exploits0References2

Cvelist•added 2026/06/06 2:28 a.m.•39 views

CVE-2026-7665 Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS0.00322EPSS

Exploits1References14