WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Panel Slider Widget vulnerability discovered by RandomRoot in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...

CVE-2025-31413 WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through = 8.3.13...

EUVD-2024-46753

Malicious code in bioql PyPI...

EUVD-2024-17183

Malicious code in bioql PyPI...

EUVD-2024-50172

Malicious code in bioql PyPI...

EUVD-2024-44246

Malicious code in bioql PyPI...

EUVD-2024-17182

Malicious code in bioql PyPI...

EUVD-2024-17180

Malicious code in bioql PyPI...

CVE-2025-58650 WordPress All In One SEO Pack Plugin <= 4.8.7.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All In One SEO Pack: from n/a through = 4.8.7.1...

PT-2025-38938

Name of the Vulnerable Software and Affected Versions Syed Balkhi All In One SEO Pack versions through 4.8.7 Description A flaw exists in Syed Balkhi All In One SEO Pack that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations Upda...

WordPress AL Pack plugin unauthorized access vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress AL Pack plugin, which stems from a lack of functionality checking of the checkactivatepermission permission callback...

CVE-2025-7664 Al Pack <= 1.1.1 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the checkactivatepermission permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.1.1. The callback reads the client-supplied...

PT-2025-33530 · WordPress · Al Pack For Wordpress

Name of the Vulnerable Software and Affected Versions: AL Pack for WordPress versions up to and including 1.0.2 Description: The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check activate permission permission callback for the...

WordPress plugin AL Pack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress AL Pack plugin, which stems from a lack of functionality checking of the checkactivatepermission permission callback...

CVE-2025-8100

The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markercontent' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVE-2024-5554

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclickevent’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and outp...

CVE-2024-5555

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and...

CVE-2024-10493

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the...

CVE-2024-9867

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' markercontent parameter in all versions up to, and including, 5.10.2 due to insufficient input...

CVE-2024-4359

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the rendersvg function...