Lucene search
K

7299 matches found

Nuclei
Nuclei
added 14 hours ago28 views

Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect

WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue. id: CVE-2021-24358 info: name: Plus Addons for Elementor Page Builder 4.1.10 - Open Redirect...

6.1CVSS6.2AI score0.02295EPSS
Exploits2References4
Nuclei
Nuclei
added 14 hours ago31 views

WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting

WordPress The Plus Addons for Elementor plugin before 4.1.12 is susceptible to cross-site scripting. The plugin does not properly sanitize some of its fields in the heplusmorepost AJAX action, which is exploitable by both unauthenticated and authenticated users. An attacker can inject arbitrary...

6.1CVSS6AI score0.02483EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago12 views

Premium Addons for Elementor - Unauthenticated Information Disclosure

Premium Addons for Elementor plugin for WordPress version 4.11.53 and below contains an unauthenticated information disclosure vulnerability.The vulnerability exists due to a missing authorization check in the gettemplatecontent AJAX handler, allowing unauthenticated attackers to retrieve private...

5.3CVSS5.9AI score0.00715EPSS
Exploits0References4
Nuclei
Nuclei
added 14 hours ago14 views

ShortCode Addons - Unauthenticated Options Update

WordPress plugin Shortcode Addons = 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication. id: CVE-2022-34487 info: name: ShortCode Addons - Unauthenticated Options Update author:...

9.8CVSS6.2AI score0.02654EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago21 views

The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass

The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...

9.8CVSS7.2AI score0.14462EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday95 views

WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. id: CVE-2023-32243 info: name: WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset author:...

9.8CVSS7.4AI score0.75946EPSS
Exploits8References5
NVD
NVD
added 3 days ago8 views

CVE-2026-57754

Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...

6.5CVSS0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-57754 WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...

6.5CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-57754

CVE-2026-57754 is a cross-site scripting (XSS) vulnerability in the WordPress plugin Livemesh Addons for WPBakery Page Builder

6.5CVSS5.8AI score0.00139EPSS
Exploits0References1
Nuclei
Nuclei
added 3 days ago624 views

WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload

Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version...

9.8CVSS7.2AI score0.81695EPSS
Exploits18References5
Patchstack
Patchstack
added 3 days ago6 views

WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
NVD
NVD
added 5 days ago9 views

CVE-2026-12349

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...

5.3CVSS0.00239EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-40252

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...

5.3CVSS5.9AI score0.00239EPSS
Exploits0References6
Patchstack
Patchstack
added 6 days ago5 views

WordPress Premium Addons for KingComposer plugin <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Premium Addons for KingComposer versions = 1.1.1...

5.3CVSS5.8AI score0.00239EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-56028

Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...

9.8CVSS0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.4 views

EUVD-2026-39691

Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...

9.8CVSS5.8AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.31 views

CVE-2026-56028 WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...

9.8CVSS0.0036EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 12:16 p.m.10 views

CVE-2026-57620

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8...

6.5CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 11:41 a.m.18 views

CVE-2026-57620

CVE-2026-57620 affects the WordPress plugin Exclusive Addons for Elementor (Tim Strifler) up to version 2.7.9.8. The issue is a Stored XSS caused by improper neutralization of input during web page generation. The vulnerability affects Exclusive Addons Elementor; no explicit exploit details or re...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 11:41 a.m.34 views

CVE-2026-57620 WordPress Exclusive Addons Elementor plugin <= 2.7.9.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8...

6.5CVSS0.0013EPSS
Exploits0References1
Rows per page
Query Builder