63 matches found
WordPress WS Theme Addons plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wsweather Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WS Theme Addons versions = 2.0.0...
WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Easy Elementor Addons versions = 2.2.7...
CVE-2025-8874
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output...
CVE-2024-1464
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-3638
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on us...
CVE-2024-4896
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-4865
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2024-10365
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tpcarouselanything.php,...
CVE-2024-6824
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...
CVE-2024-9376
The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-6632
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 versions up to 2.9.1.1 in Happy Addons for Elementor Pro due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-2225
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘raeltitletag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2025-2225 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag'
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘raeltitletag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. Thi...
CVE-2025-2225
CVE-2025-2225 : The WordPress plugin “Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates” is affected by a Stored Cross‑Site Scripting flaw in the rael_title_tag parameter for versions up to and including 1.6.9. Exploitation requires authentication at Contribut...
CVE-2025-2228
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'registeruser' function. This makes it possible for authenticated attackers, with...
CVE-2025-2228
CVE-2025-2228 affects the Responsive Addons for Elementor plugin (Free Elementor Addons and Elementor Templates) for WordPress, with the flaw in the register_user function present in versions up to 1.6.8. The vulnerability allows an attacker with Contributor-level access (authenticated) to exfilt...
CVE-2025-0433
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output...
CVE-2025-0433
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output...
CVE-2025-0433 Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output...
CVE-2024-13353
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access...