Lucene search
K

2301 matches found

NVD
NVD
added 2026/05/05 4:16 a.m.12 views

CVE-2026-5159

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00283EPSS
Exploits0References8
CVE
CVE
added 2026/05/05 3:37 a.m.19 views

CVE-2026-5159

The CVE-2026-5159 entry documents a Stored Cross-Site Scripting flaw in the Royal Addons for Elementor plugin (WordPress). Affected component: the Instagram Feed widget, specifically the instagram_follow_text setting. Root cause: insufficient input sanitization and output escaping in all versions...

6.4CVSS6AI score0.00283EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/05 3:37 a.m.41 views

CVE-2026-5159 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00283EPSS
Exploits0References8
CVE
CVE
added 2026/05/05 3:37 a.m.18 views

CVE-2026-4803

The Royal Elementor Addons plugin for WordPress is vulnerable to a Stored Cross‑Site Scripting (XSS) via the 'status' parameter in the wpr_update_form_action_meta AJAX action, affecting all versions up to and including 1.7.1056. The root cause is insufficient input sanitization and output escapin...

7.2CVSS6AI score0.00359EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/05 3:37 a.m.62 views

CVE-2026-4803 Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...

7.2CVSS0.00359EPSS
Exploits0References6
NVD
NVD
added 2026/05/02 12:16 p.m.44 views

CVE-2026-4790

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/02 11:16 a.m.9 views

CVE-2026-4790 Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS6AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/05/02 5:29 a.m.17 views

CVE-2026-6916

CVE-2026-6916: The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin is vulnerable to Stored Cross-Site Scripting via the sg_content_number_prefix parameter in all versions up to 3.1.0 due to insufficient input sanitization and output escaping. Authen...

6.4CVSS6AI score0.00357EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.9 views

PT-2026-36580

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sg content number prefix' parameter in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output...

6.4CVSS6AI score0.00357EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/05/01 9:32 a.m.12 views

WordPress Events Addon for Elementor plugin <= 2.2.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Events Addon for Elementor versions = 2.2.2...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.7 views

WordPress Music Player for Elementor – Audio Player & Podcast Player plugin <= 2.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Music Player for Elementor – Audio Player & Podcast Player versions = 2.4.1...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:17 a.m.7 views

WordPress Primary Addon for Elementor plugin <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Primary Addon for Elementor versions = 1.6.0...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:15 a.m.5 views

WordPress Unlimited Elements For Elementor plugin <= 1.5.140 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.140...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/01 6:16 a.m.5 views

CVE-2026-6127

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...

6.4CVSS0.00225EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/01 5:29 a.m.4 views

EUVD-2026-26479

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/01 5:29 a.m.32 views

CVE-2026-6127 Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...

6.4CVSS0.00225EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/01 5:29 a.m.3 views

CVE-2026-6127

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/01 5:29 a.m.2 views

CVE-2026-6127 Elementor Website Builder <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...

6.4CVSS6AI score0.00225EPSS
Exploits0References8
CVE
CVE
added 2026/05/01 5:29 a.m.12 views

CVE-2026-6127

The Elementor Website Builder WordPress plugin (versions ≤ 4.0.4) is affected by a Stored Cross-Site Scripting (XSS) via the _elementor_data meta field. Root cause: insufficient input sanitization when handling form-encoded REST API requests; sanitize_callback missing for show_in_rest field, and ...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/29 2:49 p.m.6 views

CVE-2026-39702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS5.2AI score0.00133EPSS
Exploits0References1
Rows per page
Query Builder