51 matches found
EUVD-2026-20129
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the rendersvg...
CVE-2025-14792
CVE-2025-14792: Key Figures (WordPress) plugin vulnerable to Stored XSS via kf_field_figure_default_color_render in all versions up to 1.1; affects multisite and sites with unfiltered_html disabled. Exploitation requires authenticated admin-level access; payloads execute when users visit the inje...
CVE-2025-14792 Key Figures <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kf_field_figure_default_color_render function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-2071 · WordPress · Ht Event – Wordpress Event Manager Plugin For Elementor
Name of the Vulnerable Software and Affected Versions: The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress versions up to, and including, 1.4.7 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private,...
PT-2025-1762 · WordPress · Elementor Addons Ai Addons
Name of the Vulnerable Software and Affected Versions: Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress versions up to, and including, 2.2.1 Description: The issue concerns insufficient restrictions on which templates can be included through the...
PT-2025-1899 · Microsoft · Dynamics 365 Integration Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Dynamics 365 Integration plugin for WordPress version 1.3.23 and earlier Description: The issue is related to Remote Code Execution and Arbitrary File Read due to missing input validation and sanitization on the render function, allowing...
CVE-2024-9542
The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-leve...
PT-2024-39687 · WordPress · Sky Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Sky Addons for Elementor plugin for WordPress versions up to, and including, 2.6.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft Elementor...
CVE-2024-10360
The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it...
PT-2024-16218 · WordPress · Move Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor plugin for WordPress versions up to, and including, 1.3.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data v...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the render function used by the My Account widget. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a link including a...
CVE-2024-9541
The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-9540
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-9538
The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wlfaq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...
CVE-2024-8913
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tpaccordion.php. This makes it possibl...
PT-2024-39314 · Elementor · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions prior to 5.6.12 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is possible due to...
PT-2024-39684 · WordPress · Shoplentor
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions prior to 2.9.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft Elementor template data. This is possible d...
CVE-2024-8910
CVE-2024-8910 concerns HT Mega – Absolute Addons For Elementor for WordPress. The vulnerability affects versions up to and including 2.6.5 and enables Sensitive Information Exposure via the render function in includes/widgets/htmega_accordion.php. Exploitation requires at least Contributor-level ...
PT-2024-39311 · WordPress · Ht Mega – Absolute Addons For Elementor
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.6.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft...
PT-2024-39068 · WordPress · Themesflat Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract limited post information from draft and future...