PT-2025-8685

Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor affected versions not specified Description A critical XSS flaw has been identified in the Essential Addons for Elementor WordPress plugin, potentially placing over two million websites in jeopardy. This...

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated...

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites

Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million...

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover

Page Builder by SiteOrigin, a WordPress plugin with a million active installs that’s used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover. According to researchers at WordPress, both security bugs can lead to cross-site request forgery CSRF and...

Popular applications AddThis presence postMessage XSS vulnerability million sites are affected-vulnerability warning-the black bar safety net

AddThis is a paragraph with more than one million users use the web pages Share button. In the earlier this year is found to existXSSvulnerabilities. In a previous article has described the postMessage API defects. And this article will describe how I identified and then use the AddThis Share...