Lucene search
K

4 matches found

CVE
CVE
added 2026/04/16 6:44 a.m.13 views

CVE-2026-1572

CVE-2026-1572 affects Livemesh Addons for Elementor (WordPress). All versions up to 9.0 are vulnerable due to missing authorization checks on AJAX handler lae_admin_ajax() and insufficient output escaping across multiple checkbox settings fields. This enables authenticated users with Subscriber-l...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.12 views

WordPress plugin Livemesh Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

8.8CVSS5.8AI score0.00816EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/02 8:38 p.m.6 views

WordPress Elementor Addons by Livemesh plugin <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Posts Slider Widget vulnerability discovered by 0liveira in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.4...

6.4CVSS8.3AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/21 12:0 a.m.17 views

Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Enter the setting page of this plugin. 2...

4.8CVSS0.2AI score0.0047EPSS
Exploits2Affected Software1
Rows per page
Query Builder