CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 9 hours ago•12 views

CVE-2026-8677

CVE-2026-8677 affects the Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress. All versions up to 1.3.3 are susceptible to Stored Cross-Site Scripting via Widget HTML Tag Settings due to insufficient input sanitization and output escaping. Exploitation req...

6.4CVSS5.6AI score

Vulnrichment•added 9 hours ago•3 views

CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings

6.4CVSS5.7AI score

EUVD•added 9 hours ago•6 views

EUVD-2026-35378

6.4CVSS5.7AI score

Cvelist•added 9 hours ago•11 views

CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings

6.4CVSS

Nuclei•added 12 hours ago•517 views

WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload

Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version...

9.8CVSS7.6AI score0.93478EPSS

Exploits18References5

Positive Technologies•added 18 hours ago•5 views

PT-2026-47725

6.4CVSS5.6AI score

Exploits0References17

Patchstack•added yesterday•4 views

WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...

6.4CVSS5.4AI score

Exploits0References1Affected Software1

RedhatCVE•added 4 days ago•8 views

CVE-2025-0898

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...

6.5CVSS5.6AI score0.00034EPSS

6.4CVSS5.7AI score0.00015EPSS

CVE-2026-5428

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the renderpostthumbnail function, where wpksespost is...

6.4CVSS5.4AI score0.00032EPSS

CVE-2026-5243

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

5.3CVSS5.4AI score0.00037EPSS

CVE-2026-49053

Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addons Lite: from n/a through 3.9.6...

6.5CVSS5.4AI score0.00039EPSS

CVE-2026-27421

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

6.4CVSS5.7AI score0.00032EPSS

CVE-2026-6504

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

RedhatCVE•added 4 days ago•4 views

CVE-2026-45214

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...

8.5CVSS5.6AI score0.00033EPSS

RedhatCVE•added 4 days ago•5 views

CVE-2026-4803

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

7.2CVSS5.7AI score0.00198EPSS

Cvelist•added 2026/05/29 6:43 a.m.•26 views

CVE-2026-9243 The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS0.00033EPSS

Exploits0References4

CNNVD•added 2026/05/29 12:0 a.m.•7 views

WordPress plugin Plus Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00033EPSS

Exploits0References4

NVD•added 2026/05/27 3:16 p.m.•10 views

CVE-2026-49053

5.3CVSS0.00037EPSS

EUVD•added 2026/05/27 2:58 p.m.•9 views

EUVD-2026-32545

5.3CVSS5.8AI score0.00037EPSS