125 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013155)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013155 advisory. In the Linux kernel, the following vulnerability has been resolved: md: fix soft lockup in statusresync statusresync will calculate 'currresync - recoveryactive' to...
EUVD-2026-20056
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization an...
CVE-2026-3311
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization an...
CVE-2026-3311 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient input sanitization an...
CVE-2026-3311
The CVE-2026-3311 family concerns The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce (WordPress) up to version 6.4.9. All connected sources describe a Stored Cross-Site Scripting vulnerability via the Progress Bar shortcode caused by insufficient...
WordPress plugin The Plus Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-31086
Name of the Vulnerable Software and Affected Versions The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress versions up to and including 6.4.9 Description The Plus Addons for Elementor plugin for WordPress is susceptible to Stor...
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar vulnerability
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 6.4.9 - Authenticated Contributor+ Stored Cross-Site Scripting via Progress Bar vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in...
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
CVE-2025-12658
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-12880
The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...
EUVD-2025-60935
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-12880
The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...
CVE-2025-12658 Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-12658
CVE-2025-12658 affects the WordPress plugin Preload Current Images (versions up to 1.3). The vulnerability is a Stored Cross‑Site Scripting (XSS) via the complete parameter in the preload_progress_bar shortcode, caused by insufficient input sanitization and output escaping of user-supplied attrib...
CVE-2025-12658 Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preloadprogressbar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-12880
CVE-2025-12880 concerns the WordPress plugin Progress Bar Blocks for Gutenberg . The issue is a Stored Cross-Site Scripting (XSS) vulnerability via SVG file uploads caused by insufficient input sanitization and output escaping. It affects all versions up to and including 1.0.0, with exploitation ...
CVE-2025-12880 Progress Bar Blocks for Gutenberg <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...
CVE-2025-12880 Progress Bar Blocks for Gutenberg <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...
WordPress Progress Bar Blocks for Gutenberg plugin <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Progress Bar Blocks for Gutenberg versions = 1.0.0...