CVE-2026-1257

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...

CVE-2024-10782

The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVE-2024-8494

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

PT-2025-3701 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions prior to 3.25.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, a...

CVE-2024-10775 Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

PT-2025-1753 · WordPress · The Unlimited Theme Addon For Elementor/Woocommerce

Name of the Vulnerable Software and Affected Versions: The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or...

PT-2024-16557 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.7.1003 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts...

WordPress UltraAddons plugin <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode vulnerability

Insecure Direct Object Reference to Sensitive Information Exposure via UATemplate Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin UltraAddons Elementor Lite versions = 1.1.8...

CVE-2024-10778

CVE-2024-10778 : BuddyPress Builder for Elementor – BuddyBuilder (WordPress plugin) is vulnerable to information exposure in all versions up to 1.7.4 via the shortCode “elementor-template.” The issue arises from insufficient restrictions on which posts can be included, allowing authenticated atta...

CVE-2024-10688

The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

PT-2024-15998 · Elementor · Elementor Header & Footer Builder

Name of the Vulnerable Software and Affected Versions: Elementor Header & Footer Builder plugin for WordPress versions up to, and including, 1.6.43 Description: The issue allows authenticated attackers with Contributor-level access and above to view the contents of Draft, Private, and...