Lucene search
K

12479 matches found

CVE
CVE
added 2026/06/25 1:12 p.m.14 views

CVE-2026-57619

CVE-2026-57619 affects the WordPress Elementor Website Builder plugin (versions ≤ 4.1.3). The issue is a Sensitive Data Exposure vulnerability caused by the component/flow described in the sources. The CVSS 3.1 base score is 6.5 (MEDIUM) with network attack vector, low attack complexity, and priv...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/25 8:40 a.m.6 views

WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions = 4.1.3...

6.5CVSS5.8AI score0.0027EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52439

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 4:17 a.m.10 views

CVE-2026-11614

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributes' parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00256EPSS
Exploits0References19
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:29 a.m.8 views

CVE-2026-11614

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributes' parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00256EPSS
Exploits0References20
CVE
CVE
added 2026/06/24 2:29 a.m.23 views

CVE-2026-11614

Technical details (affected versions, root cause, exploit specifics) are not publicly available in the provided documents. Monitor for updates.

6.4CVSS6AI score0.00256EPSS
Exploits0References19
Patchstack
Patchstack
added 2026/06/23 2:1 p.m.5 views

WordPress Xpro Addons — 140+ Widgets for Elementor plugin <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Huazu Jiang anjhz0318 - Tsinghua University in WordPress Plugin Xpro Elementor Addons versions = 1.7.2...

6.4CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 9:27 a.m.6 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.9...

9.8CVSS5.8AI score0.0036EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/20 1:27 a.m.33 views

CVE-2026-9843 Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

8.1CVSS0.00662EPSS
Exploits0References7
NVD
NVD
added 2026/06/19 6:17 a.m.13 views

CVE-2026-8118

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

6.5CVSS0.0024EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.7 views

CVE-2026-8118

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/19 4:31 a.m.14 views

EUVD-2026-37986

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 4:31 a.m.16 views

CVE-2026-8118

The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...

6.5CVSS5.6AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.36 views

CVE-2026-8118 Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

6.5CVSS0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50845

Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...

6.5CVSS6AI score0.0024EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37609

Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...

8.8CVSS5.2AI score0.00316EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2026-37590

Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37668

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

9.9CVSS5.2AI score0.00319EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.10 views

CVE-2026-40720

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-42629

Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...

8.8CVSS0.00316EPSS
Exploits0References1
Rows per page
Query Builder