EUVD-2025-32268

Malicious code in bioql PyPI...

CVE-2025-9080 Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Generic Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget fields in version 1.2.8 and earlier. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with...

WordPress plugin Generic Elements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-40482

Name of the Vulnerable Software and Affected Versions Generic Elements plugin for WordPress versions prior to 1.2.4 Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping of user-supplied attributes in multiple widget fields...

WordPress Mega Elements plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer Widget vulnerability discovered by zer0gh0st in WordPress Plugin Mega Elements versions = 1.3.2...

WordPress UiCore Elements plugin arbitrary file read vulnerability

WordPress UiCore Elements plugin is a plugin designed for the Elementor page builder to extend its functionality and enhance website design capabilities. An arbitrary file read vulnerability exists in the WordPress UiCore Elements plugin, which stems from the application's inadequate protection o...

CVE-2024-3547

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'googleconnecterror' parameter in all versions up to, and including, 1.5.102 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-13215

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2024-11095

The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVE-2023-4723

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajaxeaepostdata function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of wit...

CVE-2022-47170

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin = 1.5.48 versions...

CVE-2022-47139

Cross-Site Request Forgery CSRF vulnerability in Damir Calusic WP Basic Elements plugin = 5.2.15 versions...

CVE-2022-0693

The Master Elements WordPress plugin through 8.0 does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection...

WordPress Ovation Elements plugin <= 1.1.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin Ovation Elements versions = 1.1.2...

CVE-2025-32216 WordPress Spider Elements – Addons for Elementor plugin <= 1.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Spider Themes Spider Elements spider-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spider Elements: from n/a through = 1.6.6...

CVE-2025-32182 WordPress Spider Elements – Addons for Elementor plugin <= 1.6.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spider Themes Spider Elements spider-elements allows Stored XSS.This issue affects Spider Elements: from n/a through = 1.6.5...

CVE-2025-1663

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-1663

The CVE-2025-1663 entry concerns the Unlimited Elements For Elementor plugin for WordPress. Concrete details from connected sources show a Stored Cross-Site Scripting (XSS) vulnerability in multiple widgets, caused by insufficient input sanitization and output escaping, affecting all versions up ...

CVE-2024-56000 WordPress K Elements plugin < 5.4.0 - Unauthenticated Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.This issue affects K Elements: from n/a through 5.4.0...

WordPress K Elements plugin < 5.4.0 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin K Elements versions 5.4.0...