258 matches found
CVE-2025-9703
CVE-2025-9703 describes a Cross-Site Scripting vulnerability in The Ultimate Addons for Elementor (Lite and related) WordPress plugin prior to version 2.5.0. The issue arises because SVG file contents uploaded via the xmlrpc.php endpoint using base64 encoding are not sanitized, allowing injection...
PT-2025-40853
Name of the Vulnerable Software and Affected Versions The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder versions prior to 2.5.0 Description The software does not properly sanitize SVG file contents when uploaded. This occurs when using the xmlrpc.php endpoint with base6...
WordPress plugin The Ultimate Addons for Elementor 安全漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in t...
EUVD-2023-27965
Malicious code in bioql PyPI...
EUVD-2023-56119
Malicious code in bioql PyPI...
EUVD-2023-34908
Malicious code in bioql PyPI...
EUVD-2024-36676
Malicious code in bioql PyPI...
EUVD-2023-34910
Malicious code in bioql PyPI...
EUVD-2023-53689
Malicious code in bioql PyPI...
EUVD-2024-27106
Malicious code in bioql PyPI...
EUVD-2024-40078
Malicious code in bioql PyPI...
EUVD-2023-50454
Malicious code in bioql PyPI...
EUVD-2023-56123
Malicious code in bioql PyPI...
EUVD-2023-56122
Malicious code in bioql PyPI...
EUVD-2023-50448
Malicious code in bioql PyPI...
EUVD-2023-55623
Malicious code in bioql PyPI...
CVE-2025-8488
The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savehfecompatibilityoptioncallback function in all versions up to, and including, 2.4.6. This makes it...
CVE-2025-8488 Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savehfecompatibilityoptioncallback function in all versions up to, and including, 2.4.6. This makes it...
CVE-2025-8488
CVE-2025-8488 affects Ultimate Addons for Elementor (formerly Elementor Header & Footer Builder) for WordPress, with versions up to 2.4.6 vulnerable due to a missing capability check in the save_hfe_compatibility_option_callback() function. This enables authenticated attackers with Subscriber-lev...
WordPress plugin Ultimate Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...