Lucene search
K

2315 matches found

CVE
CVE
added 5 hours ago12 views

CVE-2026-57804

CVE-2026-57804 describes an PHP Local File Inclusion in CodexThemes TheGem Theme Elements (for Elementor), specifically TheGem Theme Elements for Elementor up to version 5.11.1. The issue arises from improper control of the filename used in include/require statements, enabling an attacker with au...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 5 hours ago3 views

CVE-2026-57376

CVE-2026-57376 : DOM-based cross-site scripting in WordPress plugin “ElementInvader Addons for Elementor” (elementinvader-addons-for-elementor) allows XSS via improper input neutralization. Affected: versions

7.1CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 9 hours ago10 views

Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting

Unlimited Elements For Elementor Free Widgets, Addons, Templates versions up to 1.5.93 contain a reflected cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in the victim's browser, exploit requires attacker to...

7.1CVSS7AI score0.0074EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago12 views

HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation

The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the regrole parameter on the htmegaajaxregister function. This makes it possible for unauthenticated attackers to create administrator accounts. id...

9.8CVSS6.2AI score0.03043EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago66 views

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...

9.8CVSS7AI score0.14462EPSS
Exploits3References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43126

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the gettypetemplate function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...

7.5CVSS6.5AI score0.00565EPSS
Exploits0References7
CVE
CVE
added 2 days ago14 views

CVE-2026-15338

CVE-2026-15338 concerns the LA-Studio Element Kit for Elementor plugin for WordPress. Affected: all versions up to 1.6.1. Issue: Local File Inclusion via the get_type_template function in the progress_type widget setting. Exploitation requires authenticated access at contributor level or higher, ...

7.5CVSS6.5AI score0.00565EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42831

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
CVE
CVE
added 3 days ago15 views

CVE-2026-13347

The CVE-2026-13347 entry documents an unauthenticated Arbitrary File Read in WordPress Hide My WP Lite (versions ≤ 1.3) via the he_wrapper_js and he_wrapper_css parameters. The vulnerability stems from elementor_assets_filter() concatenating user input onto ABSPATH and passing it to file_get_cont...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-12276 LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

0.00182EPSS
Exploits0References1
NVD
NVD
added 3 days ago10 views

CVE-2026-15299

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-15299

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15299 Animation Addons for Elementor <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Weather Widget

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-15284

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS6.1AI score0.00307EPSS
Exploits0References11
Patchstack
Patchstack
added 4 days ago4 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Taylsec in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.12...

7.1CVSS6.1AI score
Exploits0Affected Software1
NVD
NVD
added 5 days ago8 views

CVE-2026-6459

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on event titles sourced...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-6459 Essential Addons for Elementor <= 6.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via Event Calendar Widget Popup

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on event titles sourced...

6.4CVSS0.00187EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42176

The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping in the symparfereplacecontent function, which uses...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References3
Patchstack
Patchstack
added 6 days ago5 views

WordPress ElementInvader Addons for Elementor plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Evan NR in WordPress Plugin ElementInvader Addons for Elementor versions = 1.4.3...

7.1CVSS5.9AI score
Exploits0Affected Software1
Rows per page
Query Builder