CVE-2026-2902

The CVE-2026-2902 entry concerns the WordPress plugin WP Meteor Website Speed Optimization Addon. Affected component: the plugin’s frontend_rewrite logic uses a WPMETEOR[N]WPMETEOR placeholder, with insufficient input sanitization and output escaping, making all versions up to 3.4.16 vulnerable t...

CVE-2026-34889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4...

CVE-2026-25376 WordPress Addon Jobsearch Chat plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...

CVE-2026-32462 WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through = 2.1.3...

CVE-2026-27363

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue affects WP Bakery Autoresponder Addon: from n/a through = 1.0.6...

CVE-2025-9427 Admin reflected XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting XSS.This issue affects WordPress add on: 2025.7.1...

WordPress Addon Elements for Elementor Cross-Site Scripting Vulnerability

WordPress Addon Elements for Elementor is a plugin for the Elementor page builder designed to extend its functionality by providing additional widgets, templates and tools. WordPress Addon Elements for Elementor suffers from a cross-site scripting vulnerability that stems from the program's...

WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin ThemeREX Addons versions = 2.36.1.1...

CVE-2025-53564 WordPress HTML5 Radio Player - WPBakery Page Builder Addon <= 2.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon lbgradioplayeraddonvisualcomposer allows Reflected XSS.This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a...

CVE-2025-6550

CVE-2025-6550 concerns The Pack Elementor addon for WordPress (v

CVE-2025-49311 WordPress The Events Calendar Countdown Addon plugin <= 1.4.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Stored XSS.This issue affects The Events Calendar Countdown Addon: from n/a through = 1.4.9...

CVE-2025-26553 WordPress Pre Order Addon for WooCommerce plugin<= 1.0.7 - Reflected Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spring Devs Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin wc-pre-order allows Reflected XSS.This issue affects Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin:...

CVE-2024-12164 WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwpresetsettings function in all versions up to, and including, 1.6. This makes it possible for authenticated...

PT-2024-28413 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.1 Description: The issue is related to Stored Cross-Site Scripting via the custom attributes value in widgets due to insufficient input sanitization and...

CVE-2023-32243

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1...