Lucene search
K

2327 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.14 views

CVE-2026-4326

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activaterequiredplugins function. Specifically, the currentusercan'installplugins' capability check does...

8.8CVSS5.9AI score0.00578EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-48837

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

8.5CVSS5.6AI score0.00373EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/05 8:59 a.m.11 views

WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.4...

9.8CVSS5.5AI score0.00476EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2026/06/04 2:5 p.m.8 views

WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.4.3...

9.8CVSS5.5AI score0.00383EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 6:43 a.m.20 views

CVE-2026-9243 The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS6AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 6:43 a.m.22 views

EUVD-2026-33254

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS6AI score0.00273EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 2:16 a.m.24 views

CVE-2026-6565

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...

6.4CVSS0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 1:26 a.m.33 views

CVE-2026-6565

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress (WordPress plugin family) contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin-facing endpoint /wp-json/agwp/v1/tokens/save. Affects versions up to 2.5.0; root cause i...

6.4CVSS6AI score0.00156EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WordPress plugin ElementsKit Elementor addons Lite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.14 views

WordPress plugin Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/26 12:12 p.m.14 views

WordPress Style Kits for Elementor plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Style Kits versions = 2.5.0...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/25 11:16 p.m.15 views

CVE-2026-48837

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

8.5CVSS0.00373EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/25 10:5 p.m.10 views

CVE-2026-48837 WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

8.5CVSS5.8AI score0.00373EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:5 p.m.26 views

CVE-2026-48837

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

8.5CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/05/25 10:5 p.m.50 views

CVE-2026-48837

CVE-2026-48837: SQL Injection in WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

8.5CVSS5.8AI score0.00373EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 10:5 p.m.13 views

EUVD-2026-31759

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

8.5CVSS5.8AI score0.00373EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43150

Name of the Vulnerable Software and Affected Versions Unlimited Elements For Elementor versions prior to 2.0.9 Description Improper Neutralization of Special Elements used in an SQL Command allows Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return...

8.5CVSS5.9AI score0.00373EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 4:29 a.m.15 views

EUVD-2026-31410

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the easyelhandleregister function. This is due to the wpajaxnopriveelregister AJAX handler iterating the attacker-controlled...

8.8CVSS5.8AI score0.00541EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.21 views

WordPress plugin Easy Elements for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.8AI score0.00541EPSS
Exploits1References5
NVD
NVD
added 2026/05/20 4:16 a.m.18 views

CVE-2025-15369

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

5.3CVSS0.00248EPSS
Exploits0References2
Rows per page
Query Builder