4 matches found
CVE-2026-1572
CVE-2026-1572 affects Livemesh Addons for Elementor (WordPress). All versions up to 9.0 are vulnerable due to missing authorization checks on AJAX handler lae_admin_ajax() and insufficient output escaping across multiple checkbox settings fields. This enables authenticated users with Subscriber-l...
WordPress plugin Livemesh Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Posts Slider Widget vulnerability discovered by 0liveira in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...
Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Enter the setting page of this plugin. 2...