Lucene search
K

854 matches found

CVE
CVE
added 2025/09/26 1:47 a.m.17 views

CVE-2025-8200

CVE-2025-8200 affects Mega Elements – Addons for Elementor (WordPress): Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to 1.3.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least contributor-lev...

6.4CVSS4.7AI score0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/26 1:47 a.m.9 views

CVE-2025-8200 Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/26 1:47 a.m.2 views

CVE-2025-8200 Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS4.7AI score0.00222EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.3 views

WordPress plugin Mega Elements – Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.4 views

PT-2025-39479

Name of the Vulnerable Software and Affected Versions Mega Elements – Addons for Elementor plugin for WordPress versions up to and including 1.3.2 Description The software contains a Stored Cross-Site Scripting issue within the Countdown Timer widget. Insufficient input sanitization and output...

6.4CVSS5.3AI score0.00222EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/09/25 11:34 p.m.4 views

WordPress Mega Elements plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer Widget vulnerability discovered by zer0gh0st in WordPress Plugin Mega Elements versions = 1.3.2...

6.4CVSS5.5AI score0.00222EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/24 6:30 p.m.4 views

CVE-2025-53463

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...

6.5CVSS5.9AI score0.0025EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/22 7:39 p.m.4 views

WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin HT Mega – Absolute Addons for WPBakery Page Builder versions = 1.0.9...

6.5CVSS5.7AI score0.0025EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/09/22 7:15 p.m.2 views

CVE-2025-53463

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...

6.5CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:25 p.m.9 views

CVE-2025-53463 WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...

6.5CVSS0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 6:25 p.m.2 views

CVE-2025-53463 WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...

6.5CVSS5.2AI score0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.5 views

PT-2025-38999

Name of the Vulnerable Software and Affected Versions HT Mega – Absolute Addons for WPBakery Page Builder versions through 1.0.9 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting XSS. This specific instan...

6.5CVSS5.7AI score0.0025EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.2 views

WordPress plugin HT Mega – Absolute Addons for WPBakery Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

6.5CVSS5.9AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/05 3:22 p.m.6 views

CVE-2025-58639

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

5.4CVSS5.9AI score0.00202EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/03 3:17 p.m.7 views

WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Le Cong Danh vodanh in WordPress Plugin Contact Form By Mega Forms versions = 1.6.1...

5.4CVSS6.6AI score0.00202EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/09/03 3:15 p.m.4 views

CVE-2025-58639

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

5.4CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/03 2:36 p.m.2 views

CVE-2025-58639 WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

5.4CVSS5.9AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/03 2:36 p.m.12 views

CVE-2025-58639 WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

5.4CVSS0.00202EPSS
Exploits0References1
CVE
CVE
added 2025/09/03 2:36 p.m.11 views

CVE-2025-58639

CVE-2025-58639 (WordPress) : The vulnerability is in the WordPress plugin Contact Form By Mega Forms , affected versions up to 1.6.1 . The issue is a Missing/Broken Authorization flaw due to incorrectly configured access control, enabling unauthorized actions as described in multiple sources (Pat...

5.4CVSS5.9AI score0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.4 views

PT-2025-35767

Name of the Vulnerable Software and Affected Versions: Ali Khallad Contact Form By Mega Forms versions through 1.6.1 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update Ali Khallad Contact Form By Me...

5.4CVSS6.3AI score0.00202EPSS
Exploits0References3
Rows per page
Query Builder