854 matches found
CVE-2025-8200
CVE-2025-8200 affects Mega Elements – Addons for Elementor (WordPress): Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to 1.3.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least contributor-lev...
CVE-2025-8200 Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-8200 Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
The Mega Elements – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Timer widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress plugin Mega Elements – Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-39479
Name of the Vulnerable Software and Affected Versions Mega Elements – Addons for Elementor plugin for WordPress versions up to and including 1.3.2 Description The software contains a Stored Cross-Site Scripting issue within the Countdown Timer widget. Insufficient input sanitization and output...
WordPress Mega Elements plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer Widget vulnerability discovered by zer0gh0st in WordPress Plugin Mega Elements versions = 1.3.2...
CVE-2025-53463
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...
WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin HT Mega – Absolute Addons for WPBakery Page Builder versions = 1.0.9...
CVE-2025-53463
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...
CVE-2025-53463 WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...
CVE-2025-53463 WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder ht-mega-for-wpbakery allows DOM-Based XSS.This issue affects HT Mega – Absolute Addons for WPBakery Page Builder: from n/a through =...
PT-2025-38999
Name of the Vulnerable Software and Affected Versions HT Mega – Absolute Addons for WPBakery Page Builder versions through 1.0.9 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting XSS. This specific instan...
WordPress plugin HT Mega – Absolute Addons for WPBakery Page Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...
CVE-2025-58639
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...
WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Le Cong Danh vodanh in WordPress Plugin Contact Form By Mega Forms versions = 1.6.1...
CVE-2025-58639
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...
CVE-2025-58639 WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...
CVE-2025-58639 WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...
CVE-2025-58639
CVE-2025-58639 (WordPress) : The vulnerability is in the WordPress plugin Contact Form By Mega Forms , affected versions up to 1.6.1 . The issue is a Missing/Broken Authorization flaw due to incorrectly configured access control, enabling unauthorized actions as described in multiple sources (Pat...
PT-2025-35767
Name of the Vulnerable Software and Affected Versions: Ali Khallad Contact Form By Mega Forms versions through 1.6.1 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update Ali Khallad Contact Form By Me...