WordPress plugin The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

PT-2026-20387

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 6.4.7. This is due to the tpae create page AJAX handler authorizing users only with current...

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...

WordPress The Plus Addons for Elementor plugin <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing vulnerability

Authenticated Contributor+ Local File Inclusion via Team Member Listing vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.1...

WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Hover Card vulnerability

Authenticated Contibutor+ Stored Cross-Site Scripting via Hover Card vulnerability discovered by Colin Xu in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.5.4...

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Age Gate vulnerability discovered by Phuoc Pham p3tl0v3r - VNPT Cyber Immunity in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by Tim Coen in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 5.5.2 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons for Elementor Page Builder Lite...

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 5.5.2 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons for Elementor Page Builder Lite...

WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via TP Page Scroll Widget vulnerability discovered by stealthcopter in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.6.2...

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings vulnerability

WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 5.6.2 - Authenticated Contributor+ Stored Cross-Site Scripting via Testimonials Widget Settings vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons...

CVE-2026-24377 WordPress Nexter Blocks plugin <= 4.6.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.6.3...

CVE-2026-24377

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.6.3...

CVE-2025-46434

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...

CVE-2024-34373

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through = 5.4.2...

CVE-2025-46434

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...

CVE-2025-46434

CVE-2025-46434 corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin "The Plus Addons for Elementor Pro" (prior to v6.3.7). The issue arises from incorrectly configured access control levels, enabling unauthorized access to actions or data that shoul...

CVE-2025-46434 WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro thepluselementoraddon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a through 6.3.7...

CVE-2024-2210

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrar...