19 matches found
CVE-2026-6287
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escapin...
EUVD-2026-32052
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escapin...
CVE-2026-6287 ShopLentor - WooCommerce Builder for Elementor & Gutenberg <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Product Grid 'blockUniqId' Block Attribute
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escapin...
CVE-2026-6287
The CVE-2026-6287 entry concerns the ShopLentor — WooCommerce Builder for Elementor & Gutenberg WordPress plugin. Vulnerability: Stored Cross‑Site Scripting via the blockUniqId attribute in multiple Product Grid blocks (versions up to and including 3.3.8) caused by insufficient input sanitization...
CVE-2026-6287 ShopLentor - WooCommerce Builder for Elementor & Gutenberg <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Product Grid 'blockUniqId' Block Attribute
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escapin...
PT-2026-43493
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple Product Gride blocks in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escapin...
CVE-2025-59007
Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...
CVE-2025-59007
Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...
CVE-2025-59007 WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability
Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...
CVE-2025-59007
CVE-2025-59007 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin TF Woo Product Grid Addon For Elementor (tf-woo-product-grid) up to version 1.0.1. The issue enables Object Injection due to unsafe deserialization of data, with the public records indicating a high...
WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability
Deserialization of untrusted data Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin TF Woo Product Grid Addon For Elementor versions = 1.0.1...
CVE-2024-43342 WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4...
PT-2024-29756 · WordPress · Themesflat Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting in the Themesflat Addons For Elementor plugin for WordPress. This is due to insufficien...
Ultimate Store Kit Elementor Addons <= 1.6.2 - Unauthenticated PHP Object Injection
Description The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.2 via deserialization of untrusted...
WordPress Post Grid for Elementor & Product Grid | PowerGrids Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Post Grid for Elementor & Product Grid | PowerGrids Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b07b1b7c7042...
WordPress Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) plugin <= 1.3.32 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Royal Elementor Addons Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates plugin versions = 1.3.32. Solution Update the WordPress Royal...
WordPress Post Grid for Elementor & Product Grid | PowerGrids plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Post Grid for Elementor & Product Grid | PowerGrids plugin versions = 1.1. Solution Update the WordPress Post Grid for Elementor & Product Grid | PowerGrids plugin to the latest available version at...
WordPress Post Grid for Elementor & Product Grid | PowerGrids plugin <= 1.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Post Grid for Elementor & Product Grid | PowerGrids plugin versions = 1.1. Solution Update the WordPress Post Grid for Elementor & Product Grid | PowerGrids plugin to the latest available version at least 1.1.1...
Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI
The plugin does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE...