Lucene search
+L

1137 matches found

Cvelist
Cvelist
added 2026/04/04 7:41 a.m.27 views

CVE-2025-13368 Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting in all versions up to, and including, 1.4.20 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00195EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/04 7:41 a.m.8 views

CVE-2025-13368 Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting in all versions up to, and including, 1.4.20 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.00195EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/04 7:41 a.m.2 views

CVE-2025-13368

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting in all versions up to, and including, 1.4.20 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.00195EPSS
Exploits0References3
CVE
CVE
added 2026/04/04 7:41 a.m.14 views

CVE-2025-13368

The CVE-2025-13368 entry concerns the WordPress plugin Xpro Addons — 140+ Widgets for Elementor . It is vulnerable to Stored Cross-Site Scripting via the Pricing Widget’s onClick Event setting in all versions up to and including 1.4.20, caused by insufficient input sanitization and output escapin...

6.4CVSS6.1AI score0.00195EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.5 views

PT-2026-30306

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting in all versions up to, and including, 1.4.20 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.00195EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-4001

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/24 6:45 p.m.12 views

WordPress Woocommerce Custom Product Addons Pro plugin <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability

Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability discovered by Ren Voza in WordPress Plugin Woocommerce Custom Product Addons Pro versions = 5.4.1...

9.8CVSS5.9AI score0.00707EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/24 12:30 a.m.5 views

EUVD-2026-14652

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/23 11:25 p.m.30 views

CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS0.00707EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/23 11:25 p.m.2 views

CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References2
CVE
CVE
added 2026/03/23 11:25 p.m.24 views

CVE-2026-4001

The CVE-2026-4001 affects the WordPress plugin Woocommerce Custom Product Addons Pro, with Remote Code Execution via an unsafely handled custom pricing formula. The root cause is insufficient sanitization in process_custom_formula() (includes/process/price.php) where user input is passed to PHP e...

9.8CVSS6.3AI score0.00707EPSS
In wildExploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:25 p.m.3 views

CVE-2026-4001

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.10 views

PT-2026-27265

Name of the Vulnerable Software and Affected Versions Woocommerce Custom Product Addons Pro versions prior to 5.4.2 Description The Woocommerce Custom Product Addons Pro plugin for WordPress is susceptible to Remote Code Execution. This occurs because of inadequate sanitization and validation of...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References10
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11766

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References6
NVD
NVD
added 2026/03/13 7:54 p.m.10 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS0.0035EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25159

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frm strp amount AJAX handler update intent ajax overwriting the global $ POST data with attacker-controlled JSON input and...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/03/11 9:15 a.m.8 views

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities...

9.8CVSS6.4AI score0.03178EPSS
Exploits1
CNVD
CNVD
added 2026/03/09 12:0 a.m.5 views

Microsoft Devices Pricing Program Code Issue Vulnerability

The Microsoft Devices Pricing Program is Microsoft's exclusive device purchasing and pricing mechanism for enterprise customers, partners, or select channels to enjoy customized pricing, terms of business, and support for volume purchases of Surface Series devices such as Surface Laptop, Surface...

9.8CVSS6.1AI score0.01596EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.5 views

CVE-2026-21536

Microsoft Devices Pricing Program Remote Code Execution Vulnerability...

9.8CVSS5.9AI score0.01596EPSS
Exploits0References1
Rows per page
Query Builder