CVE-2026-1206 Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template

The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization to Sensitive Information Exposure in all versions up to, and including, 3.35.7. This is due to a logic error in the isallowedtoreadtemplate function permission check that treats non-published templates as...

CVE-2026-1206

The CVE-2026-1206 entry concerns the Elementor Website Builder plugin for WordPress. Affected versions are all up to and including 3.35.7. The vulnerability arises from a logic error in is_allowed_to_read_template() that mishandles the permission check for template access, causing non-published t...

WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Page Title HTML Tag vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...

CVE-2025-66139

Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through = 1.0.9...

CVE-2020-7055

An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive...

CVE-2024-2623

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization an...

CVE-2025-66162

Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spoter for Elementor: from n/a through = 1.04...

CVE-2025-11220 Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path

The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the widget. This makes it possible for...

PT-2025-51467

Name of the Vulnerable Software and Affected Versions Merkulove Huger for Elementor versions through 1.1.5 Description The software contains a missing authorization issue due to incorrectly configured access control security levels. Recommendations Update Merkulove Huger for Elementor to a versio...

EUVD-2020-28189

Malware in sbrugna...

EUVD-2024-43331

Malicious code in bioql PyPI...

EUVD-2025-5308

Malicious code in bioql PyPI...

EUVD-2024-28163

Malicious code in bioql PyPI...

EUVD-2025-9183

Malicious code in bioql PyPI...

EUVD-2025-12321

Malicious code in bioql PyPI...

EUVD-2024-40106

Malicious code in bioql PyPI...

EUVD-2024-45616

Malicious code in bioql PyPI...

EUVD-2025-11299

Malicious code in bioql PyPI...

EUVD-2024-42400

Malicious code in bioql PyPI...

EUVD-2024-45688

Malicious code in bioql PyPI...