Lucene search
K

1686 matches found

Nuclei
Nuclei
added 10 hours ago635 views

WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload

Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version...

9.8CVSS6.9AI score0.81695EPSS
Exploits18References5
CVE
CVE
added 3 days ago10 views

CVE-2026-15299

CVE-2026-15299 : The Animation Addons for Elementor WordPress plugin is vulnerable to Stored Cross-Site Scripting in all versions up to 2.6.3 via the Weather widget’s weather_style and move_direction parameters. The root cause is insufficient output escaping in Weather widget render() (widgets/we...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-11328

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title parameter in all versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-52744

Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.5.0 Description An unauthenticated privilege escalation issue exists, allowing an attacker to gain higher-level permissions without providing valid credentials...

9.8CVSS5.8AI score0.0036EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2026-40720

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.11 views

EUVD-2026-37692

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.17 views

CVE-2026-8677

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.6AI score0.00243EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 7:50 a.m.23 views

CVE-2026-8613

The CVE-2026-8613 entry concerns the WordPress plugin aThemes Addons for Elementor (

6.4CVSS5.7AI score0.002EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/10 4:31 a.m.36 views

CVE-2025-8444 Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates <= 2.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 4:31 a.m.30 views

CVE-2025-8444

The CVE-2025-8444 entry concerns the WordPress plugin Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates. A DOM-Based Stored Cross-Site Scripting vulnerability exists in all versions up to and including 2.6.7 due to insufficient input sanitization and output escapi...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 9:16 a.m.16 views

CVE-2026-8677

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00243EPSS
Exploits0References16
CVE
CVE
added 2026/06/09 8:29 a.m.33 views

CVE-2026-8677

CVE-2026-8677 affects the Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress. All versions up to 1.3.3 are susceptible to Stored Cross-Site Scripting via Widget HTML Tag Settings due to insufficient input sanitization and output escaping. Exploitation req...

6.4CVSS5.6AI score0.00243EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/09 8:29 a.m.12 views

EUVD-2026-35378

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/06/09 8:29 a.m.40 views

CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00243EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2026/06/09 8:29 a.m.10 views

CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.20 views

WordPress plugin Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

6.4CVSS5.4AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47725

Name of the Vulnerable Software and Affected Versions Prime Elementor Addons versions prior to 1.3.4 Description Insufficient input sanitization and output escaping in the Widget HTML Tag Settings allow authenticated attackers with contributor-level access or higher to perform Stored Cross-Site...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References21
Patchstack
Patchstack
added 2026/06/08 7:49 p.m.11 views

WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...

6.4CVSS5.4AI score0.00243EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-0898

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...

6.5CVSS5.6AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5428

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the renderpostthumbnail function, where wpksespost is...

6.4CVSS5.7AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder