CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/04/28 6:17 a.m.•13 views

CVE-2025-1458

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to...

6.4CVSS5.9AI score0.00164EPSS

RedhatCVE•added 2025/04/26 5:30 p.m.•5 views

CVE-2025-46472

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through = 2.1.6...

6.5CVSS7.2AI score0.00174EPSS

OSV•added 2025/04/26 6:15 a.m.•4 views

CVE-2025-1458

5.4CVSS7.4AI score0.00164EPSS

NVD•added 2025/04/26 6:15 a.m.•10 views

CVE-2025-1458

6.4CVSS0.00164EPSS

CVE•added 2025/04/26 5:34 a.m.•61 views

CVE-2025-1458

CVE-2025-1458 affects the WordPress plugin Element Pack Addons for Elementor (Lite/Pro) up to version 5.10.29. The issue is a stored cross-site scripting (XSS) caused by insufficient input sanitization and output escaping in multiple widgets (e.g., Dual Button, Creative Button, Image Stack). Expl...

6.4CVSS5.7AI score0.00164EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/04/26 5:34 a.m.•10 views

CVE-2025-1458 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS5.7AI score0.00164EPSS

Cvelist•added 2025/04/26 5:34 a.m.•17 views

CVE-2025-1458 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00164EPSS

Positive Technologies•added 2025/04/26 12:0 a.m.•3 views

PT-2025-17947 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin versions up to, and including, 5.10.29 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitizati...

6.4CVSS6.1AI score0.00164EPSS

Exploits0References10

CNNVD•added 2025/04/26 12:0 a.m.•2 views

WordPress plugin Element Pack Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4CVSS6.6AI score0.00164EPSS

Exploits0References4

Patchstack•added 2025/04/25 9:34 p.m.•7 views

WordPress Element Pack Elementor Addons plugin <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.29...

6.4CVSS6.3AI score0.00164EPSS

Exploits0References1Affected Software1

IBM Security Bulletins•added 2025/04/25 1:28 p.m.•24 views

Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-47561,CVE-2023-39410)

Summary There are deserialization of untrusted data and input validation vulnerabilities in Logstash that affect IBM Operations Analytics - Log Analysis. These have been addressed Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to...

9.2CVSS8.4AI score0.00747EPSS

IBM Security Bulletins•added 2025/04/24 6:48 p.m.•16 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)

Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Vulnerability Details CVEID:CVE-2025-27907 DESCRIPTION: IBM WebSphere Application Server is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests...

4.1CVSS6.8AI score0.00123EPSS

Patchstack•added 2025/04/24 5:4 p.m.•2 views

WordPress The Pack Elementor addons plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Michael in WordPress Plugin The Pack Elementor addons versions = 2.1.6...

6.5CVSS7.1AI score0.00174EPSS

NVD•added 2025/04/24 4:15 p.m.•11 views

CVE-2025-46472

6.5CVSS0.00174EPSS

CVE•added 2025/04/24 4:8 p.m.•47 views

CVE-2025-46472

CVE-2025-46472 corresponds to a Stored XSS in WordPress The Pack Elementor addons, caused by improper input neutralization during web page generation. Affected versions are The Pack Elementor addons up to 2.1.2 (n/a to 2.1.2). The CVE has a CVSS v3.1 base score of 6.5 (Network attack, Low precisi...

6.5CVSS7.2AI score0.00174EPSS

Vulnrichment•added 2025/04/24 4:8 p.m.•4 views

CVE-2025-46472 WordPress The Pack Elementor addons plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS8.6AI score0.00174EPSS

CNNVD•added 2025/04/24 12:0 a.m.•1 views

WordPress plugin The Pack Elementor addons 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...

6.5CVSS6.4AI score0.00174EPSS

OSSF Malicious Packages•added 2025/04/20 10:32 a.m.•4 views

Malicious code in studocu-extension-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b65c603a493cae2050aa25da30a9442d60b84baa80985df69af20af3e08fc9f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score