CVE-2026-3651

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wpajaxnopriv without proper authentication checks, capability verificatio...

CVE-2026-24605

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2026-24605 WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2026-24605 WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

WordPress plugin X Addons for Elementor has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...

PT-2026-4439

Name of the Vulnerable Software and Affected Versions X Addons for Elementor versions through 1.0.23 Description An issue exists in X Addons for Elementor where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. The vulnerability...

CVE-2026-22518

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2026-22518

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through = 1.0.23...

CVE-2026-22518

CVE-2026-22518 : The X Addons for Elementor plugin is affected by a DOM-based XSS vulnerability (Improper Neutralization of Input During Web Page Generation). The CVE covers X Addons for Elementor versions

PT-2026-2195

Name of the Vulnerable Software and Affected Versions pencilwp X Addons for Elementor versions through 1.0.23 Description An issue exists in pencilwp X Addons for Elementor that allows for DOM-Based Cross-site Scripting XSS. This is due to improper neutralization of input during web page...

WordPress plugin X Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Spexo Addons for Elementor plugin <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Sastra Essential Addons for Elementor versions = 1.0.23...

WordPress AI Feeds plugin <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'aifepostmeta' Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin AI Feeds versions = 1.0.22...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the Menu Display Widget process. An attacker can access sensitive information by viewing content that should be restricted to authorized users. Remediation Upgrade...

EUVD-2024-32987

Malicious code in bioql PyPI...

EUVD-2024-43773

Malicious code in bioql PyPI...

EUVD-2024-52964

Malicious code in bioql PyPI...

EUVD-2024-40573

Malicious code in bioql PyPI...

CVE-2025-8208

The Spexo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8208

The Spexo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...