176 matches found
EUVD-2024-45467
Malicious code in bioql PyPI...
CVE-2025-48354
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor better-post-filter-widgets-for-elementor allows Stored XSS.This issue affects Better Post & Filter Widgets for Elementor: from n/a throug...
CVE-2025-6253 UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the preparetemplate function due to a missing capability check and insufficient controls on the filename specified. This makes it...
CVE-2025-6253
The CVE-2025-6253 entry concerns the WordPress plugin UiCore Elements (Free Elementor widgets/templates) with versions up to and including 1.3.0. The vulnerability is an Arbitrary File Read caused by a missing capability check and insufficient controls on the filename in the prepare_template() fu...
PT-2025-32628 · WordPress · Uicore Elements
Name of the Vulnerable Software and Affected Versions: UiCore Elements – Free Elementor widgets and templates for WordPress versions up to and including 1.3.0 Description: The plugin is susceptible to arbitrary file reading via the prepare template function. This is due to a missing capability...
CVE-2025-7845
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2025-7845
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2025-7845
CVE-2025-7845 affects the WordPress plugin Stratum – Elementor Widgets (versions up to and including 1.6.0). The vulnerability is a Stored Cross-Site Scripting flaw in the Advanced Google Maps and Image Hotspot widgets caused by insufficient input sanitization and output escaping on user-supplied...
PT-2025-31604 · Elementor +1 · Elementor +1
Name of the Vulnerable Software and Affected Versions: Stratum – Elementor Widgets versions up to and including 1.6.0 Description: The Stratum – Elementor Widgets plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Advanced Google Maps and Image Hotspot widgets...
CVE-2024-50542
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zachsilberstein RLM Elementor Widgets Pack rlm-elementor-widgets-pack allows DOM-Based XSS.This issue affects RLM Elementor Widgets Pack: from n/a through = 1.3.1...
CVE-2024-5611
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘labelyears’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-54228
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Weboccult Technologies Pvt Ltd Wot Elementor Widgets wot-elementor-widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through = 1.0.1...
CVE-2023-33930
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows Code Injection.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5.66...
CVE-2025-1054 UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to...
CVE-2024-37090
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: fro...
CVE-2024-37089
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0...
CVE-2024-37092
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0...
CVE-2024-37091
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0;...
CVE-2024-13642
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13642 Stratum – Elementor Widgets <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerability via Image Hotspot Widget
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...