12479 matches found
CVE-2026-57619
CVE-2026-57619 affects the WordPress Elementor Website Builder plugin (versions ≤ 4.1.3). The issue is a Sensitive Data Exposure vulnerability caused by the component/flow described in the sources. The CVSS 3.1 base score is 6.5 (MEDIUM) with network attack vector, low attack complexity, and priv...
WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions = 4.1.3...
PT-2026-52439
Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...
CVE-2026-11614
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributes' parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-11614
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributes' parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-11614
Technical details (affected versions, root cause, exploit specifics) are not publicly available in the provided documents. Monitor for updates.
WordPress Xpro Addons — 140+ Widgets for Elementor plugin <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Huazu Jiang anjhz0318 - Tsinghua University in WordPress Plugin Xpro Elementor Addons versions = 1.7.2...
WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.9...
CVE-2026-9843 Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...
CVE-2026-8118
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...
CVE-2026-8118
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...
EUVD-2026-37986
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...
CVE-2026-8118
The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...
CVE-2026-8118 Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...
PT-2026-50845
Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...
EUVD-2026-37609
Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...
EUVD-2026-37590
Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...
EUVD-2026-37668
Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...
CVE-2026-40720
Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...
CVE-2026-42629
Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...