Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

379 matches found

Nuclei
Nucleiadded yesterday7 views

Premium Addons for Elementor - Unauthenticated Information Disclosure

Premium Addons for Elementor plugin for WordPress version 4.11.53 and below contains an unauthenticated information disclosure vulnerability.The vulnerability exists due to a missing authorization check in the gettemplatecontent AJAX handler, allowing unauthenticated attackers to retrieve private...

5.3CVSS5.8AI score0.0049EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/05/04 8:21 p.m.3 views

CVE-2026-4790

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS6AI score0.00034EPSS
Exploits0References1
NVD
NVDadded 2026/05/02 12:16 p.m.0 views

CVE-2026-4790

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS0.00034EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/02 11:16 a.m.1 views

EUVD-2026-26783

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS6AI score0.00034EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/02 11:16 a.m.34 views

CVE-2026-4790 Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS0.00034EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/02 11:16 a.m.3 views

CVE-2026-4790 Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS6AI score0.00034EPSS
Exploits0References2
CVE
CVEadded 2026/05/02 11:16 a.m.5 views

CVE-2026-4790

CVE-2026-4790 affects the Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress. The issue is stored cross-site scripting via the 'custom_svg' parameter in versions up to and including 4.11.70 , caused by insufficient input sanitization and output escaping. Th...

5.4CVSS6AI score0.00034EPSS
Exploits0References2
Patchstack
Patchstackadded 2026/05/01 9:53 p.m.3 views

WordPress Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Fernando Mecozzi in WordPress Plugin Premium Addons for Elementor versions = 4.11.70...

5.4CVSS5.8AI score0.00034EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/02 7:55 p.m.2 views

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Messenger Chat Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

6.4CVSS7.1AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/02 7:55 p.m.4 views

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multi Scroll Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

6.4CVSS7.1AI score0.003EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/02 5:50 p.m.4 views

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Global Badge Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

6.4CVSS7.1AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/02 2:53 p.m.4 views

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

6.4CVSS5.3AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/02 2:52 p.m.2 views

WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Premium Magic Scroll Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...

6.4CVSS5.4AI score0.00229EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/02 9:33 a.m.4 views

WordPress Premium Addons for Elementor plugin <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'arrowstyle' vulnerability discovered by stealthcopter in WordPress Plugin Premium Addons for Elementor versions = 4.10.28...

6.4CVSS5.3AI score0.00196EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/02 9:3 a.m.2 views

WordPress Premium Addons for Elementor plugin <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.31...

6.4CVSS5.3AI score0.00361EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/02 9:3 a.m.3 views

WordPress Premium Addons for Elementor plugin <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Global Tooltip vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons for Elementor versions = 4.10.31...

5.4CVSS5.3AI score0.0036EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/01/23 9:17 p.m.4 views

CVE-2025-69300

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through = 4.11.63...

5.4CVSS5.4AI score0.00069EPSS
Exploits0References1
NVD
NVDadded 2026/01/22 5:16 p.m.2 views

CVE-2025-69300

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through = 4.11.63...

5.4CVSS0.00069EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/01/22 4:52 p.m.1 views

CVE-2025-69300

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through = 4.11.63...

5.4CVSS5.3AI score0.00069EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/01/22 4:52 p.m.16 views

CVE-2025-69300 WordPress Premium Addons for Elementor plugin <= 4.11.63 - Settings Change vulnerability

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through = 4.11.63...

5.4CVSS0.00069EPSS
Exploits0References1
Rows per page
Query Builder