PT-2026-3959

Name of the Vulnerable Software and Affected Versions Element Pack Elementor Addons versions through 8.3.13 Description A Cross-Site Request Forgery CSRF issue exists in Element Pack Elementor Addons. This allows attackers to perform actions on behalf of authenticated users. Recommendations Updat...

EUVD-2025-8343

Malicious code in bioql PyPI...

EUVD-2025-19350

Malicious code in bioql PyPI...

EUVD-2024-30505

Malicious code in bioql PyPI...

EUVD-2024-42419

Malicious code in bioql PyPI...

EUVD-2025-12055

Malicious code in bioql PyPI...

EUVD-2024-37608

Malicious code in bioql PyPI...

EUVD-2024-44880

Malicious code in bioql PyPI...

EUVD-2024-30571

Malicious code in bioql PyPI...

EUVD-2025-31678

Malicious code in bioql PyPI...

EUVD-2024-45861

Malicious code in bioql PyPI...

EUVD-2024-33030

Malicious code in bioql PyPI...

EUVD-2025-8294

Malicious code in bioql PyPI...

CVE-2025-8214

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typing Letter widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8214 The Pack Elementor addon <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typing Letter Widget

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typing Letter widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8214

CVE-2025-8214 concerns The Pack Elementor addon for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the widget “Typing Letter”, affecting all versions up to and including 2.1.5. Root cause is insufficient input sanitization and output escaping on user-supplied attributes, e...

PT-2025-39938

Name of the Vulnerable Software and Affected Versions The Pack Elementor addon plugin for WordPress versions prior to 2.1.6 Description The software is susceptible to Stored Cross-Site Scripting through the Typing Letter widget. Insufficient input sanitization and output escaping on user-supplied...

CVE-2025-8100

The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

WordPress Element Pack Elementor Addons plugin <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 8.1.5...

CVE-2025-6550

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideroptions’ parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...