CVE-2026-2902

The CVE-2026-2902 entry concerns the WordPress plugin WP Meteor Website Speed Optimization Addon. Affected component: the plugin’s frontend_rewrite logic uses a WPMETEOR[N]WPMETEOR placeholder, with insufficient input sanitization and output escaping, making all versions up to 3.4.16 vulnerable t...

CVE-2026-34889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4...

CVE-2026-25376 WordPress Addon Jobsearch Chat plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...

CVE-2026-32462 WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through = 2.1.3...

CVE-2026-27363

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue affects WP Bakery Autoresponder Addon: from n/a through = 1.0.6...

CVE-2025-9427 Admin reflected XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting XSS.This issue affects WordPress add on: 2025.7.1...

WordPress Addon Elements for Elementor Cross-Site Scripting Vulnerability

WordPress Addon Elements for Elementor is a plugin for the Elementor page builder designed to extend its functionality by providing additional widgets, templates and tools. WordPress Addon Elements for Elementor suffers from a cross-site scripting vulnerability that stems from the program's...

WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin ThemeREX Addons versions = 2.36.1.1...

CVE-2025-53564 WordPress HTML5 Radio Player - WPBakery Page Builder Addon <= 2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbgradioplayeraddonvisualcomposer allows Reflected XSS.This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a...

CVE-2025-6550

CVE-2025-6550 concerns The Pack Elementor addon for WordPress (v

CVE-2025-49311 WordPress The Events Calendar Countdown Addon plugin <= 1.4.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Stored XSS.This issue affects The Events Calendar Countdown Addon: from n/a through = 1.4.9...

CVE-2025-26553 WordPress Pre Order Addon for WooCommerce plugin<= 1.0.7 - Reflected Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spring Devs Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin wc-pre-order allows Reflected XSS.This issue affects Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin:...

CVE-2024-12164 WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwpresetsettings function in all versions up to, and including, 1.6. This makes it possible for authenticated...

PT-2024-28413 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.1 Description: The issue is related to Stored Cross-Site Scripting via the custom attributes value in widgets due to insufficient input sanitization and...

CVE-2023-32243

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1...

CVE-2022-1047

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...

The vulnerability of the Kaswara Modern VC Addon for WordPress content management system allows for unlimited loading of dangerous files, enabling attackers to download and execute arbitrary files.

The vulnerability of the Kaswara Modern VC Addon for WordPress content management system is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to download and execute arbitrary files remotely...