Lucene search
K

246 matches found

NVD
NVD
added 2026/07/02 10:16 a.m.7 views

CVE-2026-9145

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS0.00372EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 9:32 a.m.8 views

EUVD-2026-41273

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 9:32 a.m.37 views

CVE-2026-9145 Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload via Elementor Pro Form Upload Field 'raw_value'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS0.00372EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 9:32 a.m.25 views

CVE-2026-9145

The CVE-2026-9145 entry describes an Arbitrary File Copy vulnerability in the Database for Contact Form 7, WPforms, and Elementor forms plugin for WordPress (≤ 1.5.1). The flaw is in the Contact Form Entries handler, which uses the raw_value from Elementor Pro’s Form_Record for upload-type fields...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-54951

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms versions prior to 1.5.2 Description An arbitrary file copy issue exists in the create entry el function. The function retrieves the raw value from the Elementor Pro Form Record object for...

6.5CVSS6AI score0.00372EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/05/23 5:45 p.m.151 views

Exploit for CVE-2026-4885

CVE-2026-4885 – Piotnet Addons for Elementor Pro Mass Exploit...

9.8CVSS6.1AI score0.00953EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/05/21 11:16 a.m.128 views

Exploit for CVE-2026-4885

CVE-2026-4885 Piotnet Addons for Elementor Pro Note: The...

9.8CVSS5.8AI score0.00953EPSS
Exploits2
Patchstack
Patchstack
added 2026/05/21 7:26 a.m.12 views

WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.70 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Wannes Verwimp in WordPress Plugin Piotnet Addons For Elementor Pro versions = 7.1.70...

9.8CVSS5.8AI score0.00953EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2026/05/19 8:16 a.m.24 views

CVE-2026-4885

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS0.00953EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/05/19 6:46 a.m.47 views

CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS0.00953EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 6:46 a.m.10 views

CVE-2026-4885

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References3
EUVD
EUVD
added 2026/05/19 6:46 a.m.20 views

EUVD-2026-30849

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
CVE
CVE
added 2026/05/19 6:46 a.m.48 views

CVE-2026-4885

The affected product is the Piotnet Addons for Elementor Pro plugin for WordPress. A vulnerability exists in the pafe_ajax_form_builder function across all versions up to and including 7.1.70 due to missing file type validation and an incomplete extension blacklist that blocks only a limited set ...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/19 6:46 a.m.17 views

CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

WordPress plugin Piotnet Addons for Elementor Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

9.8CVSS6.3AI score0.00953EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:55 a.m.5 views

CVE-2026-27983

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.7 views

EUVD-2026-9653

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

5.9AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 6:16 a.m.3 views

CVE-2026-27983

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

9.8CVSS0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:54 a.m.1 views

CVE-2026-27983 WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:54 a.m.32 views

CVE-2026-27983 WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

9.8CVSS0.00321EPSS
Exploits0References1
Rows per page
Query Builder