5241 matches found
CVE-2025-69360
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements allows DOM-Based XSS.This issue affects TheGem Theme Elements for WPBakery: from n/a through = 5.11.0...
CVE-2025-39484
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Waituk Entrada allows SQL Injection.This issue affects Entrada: from n/a through 5.7.7...
CVE-2025-69357 WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows Stored XSS.This issue affects TheGem Theme Elements for Elementor: from n/a through = 5.11.0...
CVE-2025-69356 WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...
CVE-2025-69357 WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows Stored XSS.This issue affects TheGem Theme Elements for Elementor: from n/a through = 5.11.0...
CVE-2025-69360 WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements allows DOM-Based XSS.This issue affects TheGem Theme Elements for WPBakery: from n/a through = 5.11.0...
CVE-2025-69356 WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...
CVE-2025-69357
CVE-2025-69357 is an authenticated Stored XSS in TheGem Theme Elements (for Elementor). The Gem elements affected: TheGem Theme Elements (for Elementor) up to version 5.11.0; impact is stored cross-site scripting with attacker-controlled input, requiring user interaction and with access restricte...
CVE-2025-69356
CVE-2025-69356 refers to an authenticated Local File Inclusion in TheGem Theme Elements (for Elementor) from the TheGem Theme Elements family. The issue arises from Improper Control of Filename for Include/Require Statements in PHP, affecting TheGem Theme Elements (for Elementor) up to version 5....
CVE-2025-69360
CVE-2025-69360 affects TheGem Theme Elements (for WPBakery) up to version 5.11.0. The connected Wordfence source associates authenticated (Contributor+) XSS (DOM-based/Stored depending on entry) with TheGem Theme Elements and notes patching to a fixed release. If using affected versions, an attac...
CVE-2025-69360 WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements allows DOM-Based XSS.This issue affects TheGem Theme Elements for WPBakery: from n/a through = 5.11.0...
WordPress plugin TheGem Theme Elements (for Elementor) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-1487
Name of the Vulnerable Software and Affected Versions CodexThemes TheGem Theme Elements for WPBakery versions through 5.11.0 Description TheGem Theme Elements for WPBakery contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting XSS...
PT-2026-1485
Name of the Vulnerable Software and Affected Versions CodexThemes TheGem Theme Elements for Elementor versions through 5.11.0 Description TheGem Theme Elements for Elementor is susceptible to a Stored Cross-site Scripting XSS issue. This occurs due to improper neutralization of input during web...
WordPress plugin TheGem Theme Elements (for Elementor) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin TheGem Theme Elements (for WPBakery) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure over the /static endpoint. An attacker can determine the existence of internal path components by sending requests to probe for absolute path elements. Remediation Upgrade aiohttp to version 3.13.3 or higher...
GHSA-MQQC-3GQH-H2X8 AIOHTTP has unicode match groups in regexes for ASCII protocol elements
Summary The parser allows non-ASCII decimals to be present in the Range header. Impact There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. ---- Patch:...
EUVD-2026-0840
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Waituk Entrada allows SQL Injection.This issue affects Entrada: from n/a through 5.7.7...
EUVD-2026-0005
CWE-89 Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...