19 matches found
WordPress Royal Elementor Addons and Template plugin <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability discovered by zer0gh0st in WordPress Plugin Royal Elementor Addons versions <= 1.7.1001...
EUVD-2024-44227
Malicious code in bioql PyPI...
CVE-2025-5096
The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. Th...
CVE-2025-0321
The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2024-13156 HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-5819
CVE-2024-5819: Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored XSS via HTML data attributes due to insufficient input sanitization and output escaping. Affected versions include up to 3.2.45. Exploitation requires at least Cont...
CVE-2024-6262 Portfolio Gallery – Image Gallery Plugin <= 1.6.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2024-5553
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5553
CVE-2024-5553 affects Premium Addons for Elementor for WordPress (versions up to and including 4.10.33). It is a DOM-Based Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can i...
CVE-2024-5553 Premium Addons for Elementor <= 4.10.33 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5327
PowerPack Addons for Elementor (PowerPack Lite for Elementor)
CVE-2024-5327 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘ppanimatedgradientbgcolor’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output...
CVE-2024-4619
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hoveranimation’ parameter in versions up to, and including, 3.21.5 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-4619 Elementor Website Builder – More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hoveranimation’ parameter in versions up to, and including, 3.21.5 due to insufficient input sanitization and output escaping. This makes it possible...
Elementor Website Builder < 3.21.6 - Contributor+ DOM Stored XSS
Description: The plugin is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hoveranimation’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web...
Elementor Website Builder Pro < 3.21.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Description: The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2024-2666 Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-2666
CVE-2024-2666 affects the Premium Addons for Elementor plugin for WordPress. The Red Hat and initial CVE records describe a DOM-Based Stored Cross-Site Scripting vulnerability in the plugin’s Bullet List Widget, present in all versions up to and including 4.10.24. The issue stems from insufficien...
CVE-2024-2666 Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...