CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

285 matches found

EUVD•added 2026/05/05 6:31 a.m.•9 views

EUVD-2026-27213

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

6.5CVSS5.8AI score0.00355EPSS

Exploits0References7

NVD•added 2026/05/05 5:16 a.m.•8 views

CVE-2026-4362

6.5CVSS0.00355EPSS

Exploits0References6

Cvelist•added 2026/05/05 4:27 a.m.•35 views

CVE-2026-4362 ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite

6.5CVSS0.00355EPSS

Exploits0References6

CVE•added 2026/05/05 4:27 a.m.•13 views

CVE-2026-4362

ElementsKit Elementor Addons for WordPress (up to version 3.8.2) is affected by an unauthenticated data-modification vulnerability. The root cause is a missing capability check in Live_Action::reset(), which is hooked to WordPress init and triggered when both post and action=elementor are present...

6.5CVSS5.8AI score0.00355EPSS

Exploits0References6

ATTACKERKB•added 2026/05/05 4:27 a.m.•4 views

CVE-2026-4362

6.5CVSS5.8AI score0.00355EPSS

Exploits0References7

Vulnrichment•added 2026/05/05 4:27 a.m.•1 views

CVE-2026-4362 ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite

6.5CVSS5.8AI score0.00355EPSS

Exploits0References6

CNNVD•added 2026/05/05 12:0 a.m.•6 views

WordPress plugin ElementsKit Elementor Addons 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00355EPSS

Exploits0References1

Positive Technologies•added 2026/05/05 12:0 a.m.•6 views

PT-2026-36971

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Live Action::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

6.5CVSS5.8AI score0.00355EPSS

Exploits0References7

CNVD•added 2026/04/10 12:0 a.m.•2 views

WordPress Plugin ElementsKit Elementor Addons and Templates Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ElementsKit Elementor Addon...

6.4CVSS5.2AI score0.00293EPSS

Exploits1

RedhatCVE•added 2026/04/05 10:55 a.m.•4 views

CVE-2026-2600

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekittabtitle' parameter in the Simple Tab widget in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS6.1AI score0.00293EPSS

Exploits1References1

EUVD•added 2026/04/04 9:30 a.m.•4 views

EUVD-2026-18979

6.4CVSS6.1AI score0.00293EPSS

Exploits1References3

NVD•added 2026/04/04 8:16 a.m.•2 views

CVE-2026-2600

6.4CVSS0.00293EPSS

Exploits1References2

CVE•added 2026/04/04 7:41 a.m.•12 views

CVE-2026-2600

The CVE pertains to the WordPress plugin ElementsKit Elementor Addons and Templates. All versions up to 3.7.9 are vulnerable to stored XSS via the ekit_tab_title field in the Simple Tab widget due to insufficient input sanitization and output escaping. An authenticated Contributor+ can craft Elem...

6.4CVSS6.1AI score0.00293EPSS

Exploits1References2

Cvelist•added 2026/04/04 7:41 a.m.•21 views

CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget

6.4CVSS0.00293EPSS

Exploits1References2

Vulnrichment•added 2026/04/04 7:41 a.m.•2 views

CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget

6.4CVSS6.1AI score0.00293EPSS

Exploits1References2

ATTACKERKB•added 2026/04/04 7:41 a.m.•1 views

CVE-2026-2600

6.4CVSS6.1AI score0.00293EPSS

Exploits1References3

Patchstack•added 2026/04/04 12:5 a.m.•2 views

WordPress ElementsKit Elementor Addons and Templates plugin <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Simple Tab Widget vulnerability discovered by knani alaaeddine iwd in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.7.9...

6.4CVSS5.9AI score0.00293EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2026/04/04 12:0 a.m.•2 views

PT-2026-30312

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekit tab title' parameter in the Simple Tab widget in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS6.1AI score0.00293EPSS

Exploits1References3

CNNVD•added 2026/04/04 12:0 a.m.•3 views

WordPress plugin ElementsKit Elementor Addons and Templates 跨站脚本漏洞

6.4CVSS5.7AI score0.00293EPSS

Exploits1References2

RedhatCVE•added 2026/02/24 10:25 p.m.•5 views

CVE-2026-23693

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor elementskit-lite WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API...

10CVSS5.5AI score0.00384EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by