5 matches found
CVE-2025-9703
The Ultimate Addons for Elementor Formerly Elementor Header & Footer Builder WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability...
WordPress Elementor Header & Footer Builder plugin <= 1.6.35 - Contributor+ DOM-Based Cross Site Scripting (XSS) vulnerability
Contributor+ DOM-Based Cross Site Scripting XSS vulnerability discovered by wcraft Patchstack Alliance in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.35...
WordPress Elementor Header & Footer Builder plugin <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.26...
WordPress Elementor Header & Footer Builder plugin <= 1.6.26 - Authenticated (Author+) HTML Injection vulnerability
Authenticated Author+ HTML Injection vulnerability discovered by wesley wcraft in WordPress Plugin Ultimate Addons for Elementor - Lite versions = 1.6.26...
VulnCheck KEV: CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...