CVE-2026-6504

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

PT-2025-49358

Name of the Vulnerable Software and Affected Versions WordPress Starter Templates versions up to and including 4.4.41 Description The Starter Templates plugin for WordPress is susceptible to arbitrary file upload due to inadequate file type validation when handling WXR files. This allows files wi...

CVE-2025-6251 Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item'fieldid' in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2025-47425

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item'field id' in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2019-11584

Malware in sbrugna...

EUVD-2022-49950

Malicious code in bioql PyPI...

CVE-2024-1467

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the aiapirequest. This makes it possible for authenticated attackers, with contributor-level access and above, ...

CVE-2024-12441

The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVE-2023-25490

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin = 1.7.4 versions...

WordPress plugin Rife Elementor Extensions & Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1007 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Royal Elementor Addons versions = 1.7.1007...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.987 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Royal Elementor Addons versions = 1.3.987...

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.7.1003...

CVE-2024-50442 WordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerability

Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through = 1.3.980...

CVE-2024-10049

The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WordPress plugin Royal Elementor Addons and Templates 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

PT-2024-31949 · WordPress · The Starter Templates — Elementor

Name of the Vulnerable Software and Affected Versions: The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress versions up to, and including, 4.2.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and outp...

WordPress plugin Royal Elementor Addons and Templates 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-2799

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied attributes. This...

WordPress Royal Elementor Addons and Templates plugin <= 1.3.93 - IP Bypass vulnerability

IP Bypass vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin Royal Elementor Addons versions = 1.3.93...