17 matches found
CVE-2025-13535 King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets
The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...
CVE-2025-13535
CVE-2025-13535 – King Addons for Elementor (WordPress) is a DOM-Based Stored Cross-Site Scripting vulnerability affecting all versions up to 51.1.38. The root cause is inadequate input sanitization and output escaping across multiple widgets/features. The plugin uses esc_attr() and esc_url() insi...
EUVD-2023-36770
Malicious code in bioql PyPI...
EUVD-2023-36769
Malicious code in bioql PyPI...
CVE-2025-4682 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output...
CVE-2024-13153
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2023-32526
Trend Micro Mobile Security Enterprise 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...
CVE-2024-13153 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
WordPress plugin Royal Elementor Addons and Templates 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-32526
Trend Micro Mobile Security Enterprise 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...
Design/Logic Flaw
Trend Micro Mobile Security Enterprise 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...
Design/Logic Flaw
Trend Micro Mobile Security Enterprise 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...
CVE-2023-32526
Trend Micro Mobile Security Enterprise 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...
CVE-2023-32525
Trend Micro Mobile Security Enterprise 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...
CVE-2023-32525
Trend Micro Mobile Security Enterprise 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi...
CVE-2021-24259
The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...
Final Countdown - Widget - Dangerous filesystem permissions, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Final Countdown - Widget published at the 'play' market has multiple vulnerabilities...