Lucene search
K

63 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.8AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 10:16 a.m.14 views

CVE-2026-7475

The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sky-custom-scripts custom post type in all versions up to, and including, 3.3.2. This is due to the custom post type being registered with capabilitytype = 'post' and showinrest = true, combined with...

6.4CVSS0.00244EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/08 9:26 a.m.33 views

CVE-2026-7475 Sky Addons <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Script

The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sky-custom-scripts custom post type in all versions up to, and including, 3.3.2. This is due to the custom post type being registered with capabilitytype = 'post' and showinrest = true, combined with...

6.4CVSS0.00244EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/07 7:37 a.m.9 views

CVE-2026-25468 WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:54 a.m.30 views

CVE-2026-28038 WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through = 3.21.1...

6.5CVSS0.00279EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/03/02 12:0 a.m.193 views

📄 WordPress King Addons for Elementor 51.1.14 Privilege Escalation

Proof of concept for a WordPress King Addons for Elementor plugin versions 24.12.92 through 51.1.14 unauthenticated privilege escalation vulnerability. ============================================================================================================================================= |...

9.8CVSS5.9AI score0.09142EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.2 views

CVE-2025-69403 WordPress Bravis Addons plugin <= 1.3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files.This issue affects Bravis Addons: from n/a through = 1.3.0...

5.9AI score0.00434EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 2:8 p.m.13 views

CVE-2026-25014

CVE-2026-25014 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Enter Addons (themelooks) affecting Enter Addons versions from n/a up to and including 2.3.2. The CVSS v3.1 base score is 4.3 (Medium) with network attack vector, required user interaction, and part...

4.3CVSS5.3AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

WordPress plugin Enter Addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.7AI score0.00098EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/02 8:30 a.m.6 views

WordPress Enter Addons plugin <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Events Card Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Events Card Widget vulnerability discovered by lowol in WordPress Plugin Enter Addons versions = 2.1.8...

6.4CVSS5.3AI score0.00304EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.7 views

CVE-2024-2788

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS7.4AI score0.00361EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 3:55 p.m.3 views

CVE-2025-62047 WordPress Case Addons plugin < 1.3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case-addons.This issue affects Case Addons: from n/a through 1.3.0...

9.9CVSS6.6AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/19 6:43 a.m.15 views

CVE-2025-11391

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...

9.8CVSS7.6AI score0.00915EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/18 6:42 a.m.9 views

CVE-2025-11691 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOMMeta::getfieldsbyid function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

7.5CVSS0.0044EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/16 4:27 a.m.10 views

CVE-2025-11814 Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.4CVSS0.00269EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54169

Malicious code in bioql PyPI...

6.4CVSS9.2AI score0.00247EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-32218

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00345EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-50173

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-49253

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00418EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/06 3:22 a.m.3 views

CVE-2025-8564 SKT Addons for Elementor <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS4.7AI score0.00216EPSS
Exploits0References3
Rows per page
Query Builder