7328 matches found
EUVD-2019-20199
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...
CVE-2019-25763
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability. An attacker can submit a POST to admin-ajax.php with the uabb-lf-google-submit action, a valid administrator email, and a valid nonce to obtain session cookies and authenticate as that user. CVSS...
CVE-2026-8118
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...
EUVD-2026-37986
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...
CVE-2026-8118
The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...
CVE-2026-8118 Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...
PT-2026-50845
Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...
WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin 1.7.1058-1.7.1059 - Authenticated (Contributor+) Arbitrary File Read vulnerability
Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Jack Taylor in WordPress Plugin Royal Elementor Addons versions 1.7.1058-1.7.1059...
EUVD-2026-37590
Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...
EUVD-2025-210224
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
EUVD-2025-210223
Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...
CVE-2026-40720
Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...
CVE-2026-39597
Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...
CVE-2025-60205
Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...
CVE-2025-60218
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
EUVD-2026-37692
Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...
CVE-2026-39597 WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...
CVE-2025-60218 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
CVE-2025-60218
CVE-2025-60218 concerns the WordPress plugin “PT Luxa Addons” (versions
CVE-2025-60205
The CVE-2025-60205 entry concerns WordPress ThemeREX Addons plugin version