25 matches found
CVE-2026-24605
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...
CVE-2026-24605
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...
CVE-2026-24605
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...
CVE-2026-24605
CVE-2026-24605 concerns WordPress plugin X Addons for Elementor with versions up to 1.0.23. The Red Hat/NVD entries describe a Missing Authorization vulnerability caused by misconfigured access control security levels, enabling unauthorized access. Public feeds corroborate the affected software a...
CVE-2026-24605 WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...
CVE-2026-24605 WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through = 1.0.23...
WordPress plugin X Addons for Elementor has security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to th...
PT-2026-4439
Name of the Vulnerable Software and Affected Versions X Addons for Elementor versions through 1.0.23 Description An issue exists in X Addons for Elementor where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. The vulnerability...
WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin X Addons for Elementor versions = 1.0.23...
CVE-2026-22518 WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through = 1.0.23...
WordPress plugin X Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin X Addons for Elementor versions = 1.0.23...
EUVD-2025-15516
Malicious code in bioql PyPI...
CVE-2025-9204
The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.16. This is due to insufficient input sanitization and output escaping on the Youtube Video ID parameter. This makes it possible fo...
CVE-2025-9204 X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field
The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.16. This is due to insufficient input sanitization and output escaping on the Youtube Video ID parameter. This makes it possible fo...
CVE-2025-9204 X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field
The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.16. This is due to insufficient input sanitization and output escaping on the Youtube Video ID parameter. This makes it possible fo...
WordPress plugin X Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-40488
Name of the Vulnerable Software and Affected Versions X Addons for Elementor plugin for WordPress versions up to and including 1.0.14 Description The X Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is a result of inadequate input sanitization and...
CVE-2025-48132
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Stored XSS.This issue affects X Addons for Elementor: from n/a through = 1.0.16...
CVE-2025-48132
CVE-2025-48132 affects X Addons for Elementor (WordPress plugin). The issue is a Stored XSS due to improper input neutralization during web page generation, affecting versions n/a through 1.0.14. Public sources (PT-2025-21730, Patchstack, CVE listings) identify the fix as upgrading beyond version...