Lucene search
K

2301 matches found

CVE
CVE
added 2026/04/09 1:25 a.m.16 views

CVE-2026-4326

CVE-2026-4326 concerns the Vertex Addons for Elementor plugin for WordPress, affecting all versions up to 1.6.4. The root cause is improper authorization enforcement in the activate_required_plugins() function: the capability check current_user_can('install_plugins') does not terminate execution ...

8.8CVSS6.2AI score0.00578EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

WordPress plugin Vertex Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.9AI score0.00578EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/08 9:31 a.m.3 views

EUVD-2026-20292

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through = 9.0...

5.9AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20129

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

6.4CVSS6.1AI score0.00387EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/08 9:31 a.m.15 views

EUVD-2026-20165

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through = 2.3.2...

5.9AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.3 views

CVE-2026-39636

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through = 9.0...

6.5CVSS0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 8:30 a.m.13 views

EUVD-2026-20404

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 8:30 a.m.11 views

CVE-2026-39500

CVE-2026-39500 is a Stored XSS in the WordPress plugin themesflat-addons-for-elementor (versions

6.5CVSS5.9AI score0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 7:43 a.m.20 views

CVE-2026-4655 Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

6.4CVSS0.00387EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/08 7:43 a.m.1 views

CVE-2026-4655 Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...

6.4CVSS6.1AI score0.00387EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/08 6:31 a.m.3 views

EUVD-2026-20056

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization an...

6.4CVSS6.1AI score0.00207EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 6:31 a.m.6 views

EUVD-2026-20046

The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'followustext' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the...

6.4CVSS6.1AI score0.00362EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 6:16 a.m.2 views

CVE-2026-3311

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization an...

6.4CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 5:28 a.m.8 views

CVE-2026-3311

The CVE-2026-3311 family concerns The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce (WordPress) up to version 6.4.9. All connected sources describe a Stored Cross-Site Scripting vulnerability via the Progress Bar shortcode caused by insufficient...

6.4CVSS6.1AI score0.00207EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.14 views

WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00387EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31057

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in all versions up to, and including, 3.35.5 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.00341EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

WordPress plugin Prime Slider – Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

6.4CVSS5.6AI score0.00362EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31086

Name of the Vulnerable Software and Affected Versions The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress versions up to and including 6.4.9 Description The Plus Addons for Elementor plugin for WordPress is susceptible to Stor...

6.4CVSS5.9AI score0.00207EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31081

Name of the Vulnerable Software and Affected Versions Prime Slider – Addons for Elementor plugin for WordPress versions up to and including 4.1.10 Description The Prime Slider – Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient...

6.4CVSS5.9AI score0.00362EPSS
Exploits0References10
Rows per page
Query Builder