Lucene search
K

1064 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-40885

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register user' function, which only blocks the 'administrator'...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.20 views

WordPress plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-4658

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

6.4CVSS6AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 5:16 a.m.9 views

CVE-2026-4658

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

6.4CVSS0.00419EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/02 4:27 a.m.6 views

EUVD-2026-26733

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

6.4CVSS6AI score0.00419EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/02 4:27 a.m.36 views

CVE-2026-4658 Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

6.4CVSS0.00419EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/02 4:27 a.m.3 views

CVE-2026-4658

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

6.4CVSS6AI score0.00419EPSS
Exploits0References11
CVE
CVE
added 2026/05/02 4:27 a.m.18 views

CVE-2026-4658

The CVE-2026-4658 entry concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (Add-to-Cart block). Affected: all versions up to 6.0.4. Root cause: insufficient output escaping in render_callback() where class and data-id attributes are built via raw ...

6.4CVSS6AI score0.00419EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.6 views

PT-2026-36565

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

6.4CVSS6AI score0.00419EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

WordPress plugin Essential Blocks 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00419EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/01 4:12 p.m.7 views

WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Essential Blocks for Gutenberg versions = 6.0.4...

6.4CVSS5.8AI score0.00419EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/22 4:0 p.m.8 views

WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Essential Addons for Elementor versions 6.6.0...

5.1AI score0.00214EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.4 views

CVE-2026-39981

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

8.8CVSS5.9AI score0.01318EPSS
Exploits1References1
Wordfence Blog
Wordfence Blog
added 2026/04/10 4:18 p.m.8 views

The Increasing Role of AI in Vulnerability Research

At Wordfence, we run a bug bounty program that pays out mid-six figures per year to researchers in bug bounties for WordPress related vulnerabilities. Funding this research helps us improve security for the WordPress community overall, and helps us secure our customers by rolling out protection f...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/09 5:1 p.m.3 views

CVE-2026-39981 AGiXT has a Path Traversal in safe_join()

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

8.8CVSS5.9AI score0.01318EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/08 6:33 p.m.5 views

EUVD-2024-33808

The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'counter' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.01172EPSS
Exploits0References5
NVD
NVD
added 2026/02/19 9:16 a.m.5 views

CVE-2026-23543

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through = 6.5.5...

5.3CVSS0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.3 views

CVE-2026-23543 WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through = 6.5.5...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:26 a.m.26 views

CVE-2026-23543 WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through = 6.5.5...

5.3CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:26 a.m.7 views

CVE-2026-23543

CVE-2026-23543 affects WPDeveloper Essential Addons for Elementor Lite (upto and including version 6.5.5). The root cause is Missing Authorization due to incorrectly configured access control, described as a Broken Access Control vulnerability. The NVD/Red Hat/CVE records consistently note this i...

5.3CVSS5.5AI score0.00228EPSS
Exploits0References1
Rows per page
Query Builder