82 matches found
CVE-2025-26912
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Stored XSS.This issue affects Easy Elementor Addons: from n/a through = 2.1.6...
CVE-2025-26912
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Stored XSS.This issue affects Easy Elementor Addons: from n/a through = 2.1.6...
CVE-2025-26912
CVE-2025-26912 corresponds to a Stored XSS in HashThemes Easy Elementor Addons. The connected document confirms the vulnerability affects Easy Elementor Addons up to and including 2.1.6, caused by improper input neutralization during web page generation. The issue is client-executable when user-s...
CVE-2025-26761
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through = 2.1.5...
CVE-2025-26761 WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through = 2.1.5...
CVE-2025-26761 WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS.This issue affects Easy Elementor Addons: from n/a through = 2.1.5...
CVE-2025-26761
CVE-2025-26761 describes a DOM-based XSS in WordPress plugin Easy Elementor Addons (affected
CVE-2025-22296
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HashThemes Hash Elements.This issue affects Hash Elements: from n/a through 1.4.9...
CVE-2025-22296
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hashthemes Hash Elements hash-elements.This issue affects Hash Elements: from n/a through = 1.5.0...
CVE-2025-22296
CVE-2025-22296 describes a Cross‑Site Scripting (XSS) vulnerability in WordPress Hash Elements (HashThemes) plugin. Affected versions are 1.4.9 and earlier, with the root cause being improper neutralization of input during web page generation. The impact is XSS exposure via user-supplied data. Re...
PT-2025-4411 · Hasthemes · Hash Elements
Name of the Vulnerable Software and Affected Versions: HashThemes Hash Elements versions 1.4.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. This allows attackers to inject malicious scripts in...
CVE-2023-28990
Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Mag: from n/a through 1.0.9...
CVE-2023-28990
Missing Authorization vulnerability in hashthemes Viral Mag viral-mag allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Mag: from n/a through = 1.0.9...
CVE-2023-27456
Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19...
CVE-2023-28990
CVE-2023-28990 : WordPress theme Viral Mag (versions ≤ 1.0.9) suffers a Missing Authorization flaw that enables an authenticated user withsubscriber privileges to activate plugins arbitrarily due to broken access control. The issue is classed as a Medium risk with CVSSv3.1 score 4.3 (AV:N/AC:L/PR...
CVE-2023-27456
CVE-2023-27456 is a missing-authorization vulnerability in the WordPress plugin/theme set for HashThemes Total (Total theme). It affects versions up to 2.1.19 and allows an authenticated user (subscriber) to activate arbitrary plugins due to incorrectly configured access control. The issue is cha...
CVE-2023-30486
Missing Authorization vulnerability in hashthemes Square square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through = 2.0.0...
CVE-2023-30486
Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0...
CVE-2023-30486 WordPress Square theme <= 2.0.0 - Broken Access Control
Missing Authorization vulnerability in hashthemes Square square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through = 2.0.0...
PT-2024-12239 · Hasthemes · Hashthemes Square
Name of the Vulnerable Software and Affected Versions: HashThemes Square versions n/a through 2.0.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For HashThemes Square...