Lucene search
K

1069 matches found

Cvelist
Cvelist
added 2026/06/06 2:28 a.m.44 views

CVE-2026-7665 Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS0.0515EPSS
Exploits1References14
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34950

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References14
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.11 views

CVE-2026-7665

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajaxloadmore function due to insufficient restrictions on which posts can be included. This makes it possible f...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References15
CVE
CVE
added 2026/06/06 2:28 a.m.44 views

CVE-2026-7665

CVE-2026-7665 affects the WordPress plugin Essential Addons for Elementor (up to version 6.6.4). The issue arises in the ajax_load_more handler, with insufficient restrictions on which posts can be returned, enabling unauthenticated attackers to extract data from password-protected, private, or d...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.32 views

PT-2026-47130

Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor versions prior to 6.6.5 Description The plugin is subject to information exposure due to insufficient restrictions on the posts that can be included within the ajax load more function. This allows unauthenticated...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References16
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.11 views

WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.0515EPSS
Exploits1References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5193

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'registeruser' function, which only blocks the 'administrator' rol...

6.5CVSS5.4AI score0.00238EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/05 2:25 p.m.12 views

WordPress Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by Anirudh Makkar in WordPress Plugin Essential Addons for Elementor versions = 6.6.4...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/05 4:6 a.m.13 views

WordPress Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery vulnerability

WordPress Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns plugin = 6.1.3 - Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Shambles in WordPress Plugin Essential Blocks for Gutenberg versions = 6.1.3...

7.2CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

WPDeveloper Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns 服务端请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.2CVSS6.1AI score0.00213EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 11:28 p.m.48 views

CVE-2026-10586 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

7.2CVSS0.00213EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:28 p.m.25 views

CVE-2026-10586

The CVE describes a Server-Side Request Forgery in the Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns WordPress plugin. Affected software: WordPress plugin, versions up to and including 6.1.3. Vulnerable component: save_ai_generated_image() function. Root cause: CSRF-li...

7.2CVSS5.9AI score0.00213EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.16 views

CVE-2026-8681

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References1
NVD
NVD
added 2026/05/16 3:16 a.m.28 views

CVE-2026-8681

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all...

5.3CVSS0.00319EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/16 2:26 a.m.57 views

CVE-2026-8681 Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all...

5.3CVSS0.00319EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/16 2:26 a.m.10 views

CVE-2026-8681 Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References3
CVE
CVE
added 2026/05/16 2:26 a.m.19 views

CVE-2026-8681

CVE-2026-8681 affects the WordPress plugin “Essential Chat Support” up to version 1.0.1. The issue is an authorization bypass where unauthenticated attackers can reset all plugin settings by sending a POST request with ecs_reset_settings=1, potentially affecting general settings, display rules, c...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/16 2:26 a.m.22 views

EUVD-2026-30669

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

WordPress plugin Essential Chat Support 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/15 1:35 p.m.10 views

WordPress Essential Chat Support plugin <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset vulnerability

Missing Authorization to Unauthenticated Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin Essential Chat Support versions = 1.0.1...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder