Lucene search
K

838 matches found

Nuclei
Nuclei
added yesterday62 views

WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting

WordPress The Plus Addons for Elementor plugin before 4.1.12 is susceptible to cross-site scripting. The plugin does not properly sanitize some of its fields in the heplusmorepost AJAX action, which is exploitable by both unauthenticated and authenticated users. An attacker can inject arbitrary...

6.1CVSS6AI score0.02483EPSS
Exploits2References5
CVE
CVE
added 2 days ago12 views

CVE-2026-61976

CVE-2026-61976 affects Crocoblock JetBlocks For Elementor (WordPress plugin) up to version 1.5.0. The vulnerability is described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere, enabling retrieval of embedded sensitive data. CVSS 3.1 metrics indicate a Network att...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-57416

Name of the Vulnerable Software and Affected Versions The Essential Addons for Elementor versions prior to 6.6.11 Description Insufficient server-side validation of a Login/Register widget setting allows authenticated attackers with Contributor-level access or higher to perform Email Header...

8.8CVSS6.1AI score0.00367EPSS
Exploits0References12
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42793

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS6.1AI score0.00307EPSS
Exploits0References10
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-15285 The Plus Addons for Elementor <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS0.00261EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS5.9AI score0.00261EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55522

Name of the Vulnerable Software and Affected Versions RTMKit versions prior to 2.0.8 Description The RTMKit rometheme-for-elementor plugin for WordPress contains a Local File Inclusion flaw. This occurs because the render templates AJAX endpoint does not properly validate the template parameter...

4.3CVSS6.2AI score0.00266EPSS
Exploits0References10
NVD
NVD
added 2026/07/01 5:16 a.m.9 views

CVE-2026-11380

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animationeffect setting before it is rendered inside a...

6.4CVSS0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:32 a.m.6 views

EUVD-2026-40909

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient output escaping and missing server-side validation of the Animated Box widget's animationeffect setting before it is rendered inside a...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 8:18 p.m.9 views

EUVD-2026-36848

Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...

6.5CVSS5.1AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin aThemes Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

6.4CVSS5.1AI score0.002EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.11 views

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References15
CVE
CVE
added 2026/06/06 1:26 a.m.27 views

CVE-2026-9281

The CVE-2026-9281 affects the WordPress plugin Master Addons For Elementor (Widgets/Extensions/Theme Builder/Popup Builder & Template Kits). Vulnerable component: the jtlma_custom_js (Custom JS Extension) page-setting storage, where insufficient input sanitization and output escaping allow a stor...

6.4CVSS5.7AI score0.00214EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.19 views

PT-2026-47125

Name of the Vulnerable Software and Affected Versions Master Addons For Elementor versions prior to 3.1.1 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access or higher can...

6.4CVSS5.7AI score0.00214EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

WordPress plugin Unlimited Elements For Elementor SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

8.5CVSS5.9AI score0.00373EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/22 6:46 a.m.11 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by sorawautsukushiii in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.5...

8.8CVSS5.8AI score0.00541EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:21 a.m.9 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Ankit Patel in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.4...

9.8CVSS5.8AI score0.00494EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/20 12:11 p.m.39 views

CVE-2026-45443 WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...

5CVSS0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

WordPress plugin PDF for Elementor Forms + Drag And Drop Template Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5CVSS5.8AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 5:30 a.m.13 views

CVE-2026-5243 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Navigation Menu Lite Widget

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

6.4CVSS5.8AI score0.00205EPSS
Exploits0References2
Rows per page
Query Builder