Lucene search
K

300 matches found

Nuclei
Nuclei
added 17 hours ago68 views

Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-24358 info: name: Plus Addons for Elementor Page Builder 4.1.10 - Open Redirect...

6.1CVSS6.3AI score0.02295EPSS
Exploits2References4
Nuclei
Nuclei
added 17 hours ago62 views

WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting

WordPress The Plus Addons for Elementor plugin before 4.1.12 is susceptible to cross-site scripting. The plugin does not properly sanitize some of its fields in the heplusmorepost AJAX action, which is exploitable by both unauthenticated and authenticated users. An attacker can inject arbitrary...

6.1CVSS6AI score0.02483EPSS
Exploits2References5
Nuclei
Nuclei
added 17 hours ago66 views

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...

9.8CVSS7AI score0.14462EPSS
Exploits3References2
NVD
NVD
added 3 days ago7 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS0.00261EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-15285 The Plus Addons for Elementor <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS0.00261EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42794

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS5.9AI score0.00261EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS5.9AI score0.00261EPSS
Exploits0References6
CVE
CVE
added 3 days ago10 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress is affected by an Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability in the Button widget via the custom_attributes setting, affecting versions up to 6.4.11. The root cause is in render() for the Button widget, where the raw c...

6.4CVSS5.9AI score0.00261EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS5.7AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 8:16 a.m.17 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 6:43 a.m.31 views

CVE-2026-9243

The Plus Addons for Elementor WordPress plugin contains a Stored Cross-Site Scripting (XSS) flaw in the Carousel Anything widget’s carousel_direction parameter, up to version 6.4.15. The root cause is insufficient output escaping in render(), placing the value into an unquoted dir= attribute, ena...

6.4CVSS6AI score0.00273EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:43 a.m.12 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS6AI score0.00273EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/29 6:43 a.m.20 views

CVE-2026-9243 The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS6AI score0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.20 views

PT-2026-44759

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel direction' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the carousel...

6.4CVSS6AI score0.00273EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/28 6:38 p.m.12 views

WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.15...

6.4CVSS5.8AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:17 p.m.9 views

WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.11...

5.8AI score
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/14 6:16 a.m.20 views

CVE-2026-5243

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

6.4CVSS0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 5:30 a.m.38 views

CVE-2026-5243 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Navigation Menu Lite Widget

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

6.4CVSS0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 5:30 a.m.8 views

EUVD-2026-30231

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

6.4CVSS5.8AI score0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 5:30 a.m.15 views

CVE-2026-5243

CVE-2026-5243 affects The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress. The vulnerability is a stored XSS in the Navigation Menu Lite widget’s menu_hover_click parameter present in all versions up to 6.4.11, caused by insuf...

6.4CVSS5.8AI score0.00205EPSS
Exploits0References2
Rows per page
Query Builder