Lucene search
K

7329 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49357

Unauthenticated Broken Access Control in Essential Addons for Elementor 6.6.0 versions...

5.3CVSS5.1AI score0.00214EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/11 10:42 a.m.95 views

Exploit for CVE-2026-7665

CVE-2026-7665 — Unauthenticated Information Disclosure in Esse...

5.3CVSS5.5AI score0.0515EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.17 views

CVE-2026-8677

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.6AI score0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 8:16 a.m.13 views

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.002EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/10 7:50 a.m.14 views

EUVD-2026-35996

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.002EPSS
Exploits0References8
CVE
CVE
added 2026/06/10 7:50 a.m.22 views

CVE-2026-8613

The CVE-2026-8613 entry concerns the WordPress plugin aThemes Addons for Elementor (

6.4CVSS5.7AI score0.002EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/10 7:50 a.m.41 views

CVE-2026-8613 aThemes Addons for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget Setting

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.002EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/10 4:31 a.m.14 views

EUVD-2025-210103

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 4:31 a.m.36 views

CVE-2025-8444 Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates <= 2.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 4:31 a.m.30 views

CVE-2025-8444

The CVE-2025-8444 entry concerns the WordPress plugin Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates. A DOM-Based Stored Cross-Site Scripting vulnerability exists in all versions up to and including 2.6.7 due to insufficient input sanitization and output escapi...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48374

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

WordPress plugin aThemes Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

6.4CVSS5.1AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

WordPress plugin Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.3AI score0.00155EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/09 6:49 p.m.15 views

WordPress aThemes Addons for Elementor plugin <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin aThemes Addons for Elementor versions = 1.1.8...

6.4CVSS5.4AI score0.002EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/09 9:16 a.m.16 views

CVE-2026-8677

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00243EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/09 8:29 a.m.12 views

EUVD-2026-35378

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2026/06/09 8:29 a.m.9 views

CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References16
CVE
CVE
added 2026/06/09 8:29 a.m.32 views

CVE-2026-8677

CVE-2026-8677 affects the Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress. All versions up to 1.3.3 are susceptible to Stored Cross-Site Scripting via Widget HTML Tag Settings due to insufficient input sanitization and output escaping. Exploitation req...

6.4CVSS5.6AI score0.00243EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/06/09 8:29 a.m.40 views

CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00243EPSS
Exploits0References16
Rows per page
Query Builder