CVE-2026-6504

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2026-6504

The CVE concerns the WordPress plugin Royal Elementor Addons (Addons and Templates Kit for Elementor). A Stored Cross-Site Scripting (XSS) vulnerability affects all versions up to 1.7.1058 due to insufficient input sanitization and output escaping in the title_tag parameter. Authentication with C...

CVE-2026-6504

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2026-6504 Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

EUVD-2026-30261

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

WordPress plugin Royal Elementor Addons and Templates 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-40897

Name of the Vulnerable Software and Affected Versions Royal Elementor Addons and Templates versions prior to 1.7.1059 Description The Royal Elementor Addons and Templates plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escapin...

CVE-2026-6551

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...

GHSA-855C-R2VQ-C292 Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS

Summary A stored cross-site scripting XSS vulnerability exists in SEO-related fields SEO Title and Meta Description in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...

PT-2026-33172

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description A stored cross-site scripting issue exists in SEO-related fields, specifically the SEO Title and Meta Description. User-controlled input is rendered without proper output encoding into HTML...

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'title_tag' Parameter vulnerability

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'titletag' Parameter vulnerability discovered by WordFence in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.4...

CVE-2026-24045

Docmost 0.25.0 fixes a stored XSS on the public share page where page titles are inserted into meta and title tags without proper HTML escaping. Affected: Docmost prior to 0.25.0. Severity: high (CVSS 3.1 base 7.3). Impact: arbitrary JavaScript execution in the context of any user who opens a sha...

WordPress WPBakery Visual Composer plugin <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Title tag attribute vulnerability discovered by Nikolas - mdr in WordPress Plugin WPBakery Page Builder versions = 7.5...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via titletag vulnerability discovered by wesley wcraft in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Title HTML Tag vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Page Title HTML Tag vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

WordPress Enter Addons plugin <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Animation Title widget img tag vulnerability discovered by Sebastião Gavião Sebastgav - Gavsec in WordPress Plugin Enter Addons versions = 2.1.5...

CVE-2025-12379

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘titletag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it...

WordPress plugin Shortcodes and extra features for Phlox theme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...