Lucene search
K

89 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS0.00261EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-15285 The Plus Addons for Elementor <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS0.00261EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42794

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS5.9AI score0.00261EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's customattributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tpbutton.php passed the raw customattributes...

6.4CVSS5.9AI score0.00261EPSS
Exploits0References6
CVE
CVE
added 4 days ago10 views

CVE-2026-15285

The Plus Addons for Elementor plugin for WordPress is affected by an Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability in the Button widget via the custom_attributes setting, affecting versions up to 6.4.11. The root cause is in render() for the Button widget, where the raw c...

6.4CVSS5.9AI score0.00261EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.13 views

CVE-2026-2509

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...

6.4CVSS5.6AI score0.00345EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/09 9:40 p.m.11 views

WordPress Page Builder: Pagelayer plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget Custom Attributes vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin PageLayer versions = 2.0.8...

6.4CVSS5.9AI score0.00345EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/08 2:16 p.m.8 views

CVE-2026-2509

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...

6.4CVSS0.00345EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/08 1:26 p.m.6 views

CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...

6.4CVSS6.1AI score0.00345EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:26 p.m.8 views

CVE-2026-2509

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...

6.4CVSS6.1AI score0.00345EPSS
Exploits0References5
CVE
CVE
added 2026/04/08 1:26 p.m.18 views

CVE-2026-2509

CVE-2026-2509: The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 2.0.8. The root cause is an incomplete event handler blocklist in the pagelayer_xss_content filtering function, which blocks common event handlers but n...

6.4CVSS6.1AI score0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 1:26 p.m.22 views

CVE-2026-2509 Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayerxsscontent' XSS filtering function, whic...

6.4CVSS0.00345EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.11 views

PT-2026-31305

Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer plugin for WordPress versions up to and including 2.0.8 Description The Page Builder: Pagelayer plugin for WordPress is susceptible to Stored Cross-Site Scripting via the Button widget's Custom Attributes field. This is...

6.4CVSS5.9AI score0.00345EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/02/02 9:0 p.m.8 views

WordPress Elementor Addon Elements plugin <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Dual Button Widget vulnerability discovered by RandomRoot in WordPress Plugin Elementor Addon Elements versions = 1.12.12...

6.4CVSS7.1AI score0.00509EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 7:30 p.m.8 views

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

6.4CVSS8.3AI score0.00423EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28172

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-56120

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00328EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54983

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-49976

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.0032EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.5 views

CVE-2024-3925

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.11 due to insufficient input sanitization a...

6.4CVSS6.1AI score0.00341EPSS
Exploits0References1
Rows per page
Query Builder