CVE-2025-66116 WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through = 2.3...

EUVD-2025-9174

Malicious code in bioql PyPI...

CVE-2025-48354

CVE-2025-48354 affects WordPress plugin Better Post & Filter Widgets for Elementor (WP Smart Widgets). The issue is a Stored XSS caused by improper input neutralization during web page generation, impacting versions up to 1.6.0 (sources also reference later patch info). CVSSv3.1 base score 6.5 (A...

CVE-2025-22806

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets allows DOM-Based XSS.This issue affects Black Widgets For Elementor: from n/a through = 1.3.8...

CVE-2024-51662

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets.This issue affects Black Widgets For Elementor: from n/a through = 1.3.6...

CVE-2025-31869 WordPress Black Widgets For Elementor plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.9...

PT-2025-14246 · Unknown · Black Widgets For Elementor

Name of the Vulnerable Software and Affected Versions: Black Widgets For Elementor versions 1.3.9 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...

CVE-2024-52354

CVE-2024-52354 affects the WordPress plugin Web Stories Widgets For Elementor (stored XSS in web story widgets). Public writeups in the connected Red Hat and Wordfence entries confirm the issue is an improper neutralization of input during web page generation, enabling a stored XSS payload that c...

CVE-2024-51662 WordPress Black Widgets For Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor black-widgets.This issue affects Black Widgets For Elementor: from n/a through = 1.3.6...

WordPress plugin ThemeShark Templates & Widgets for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-34740 · Unknown · Themeshark Templates & Widgets For Elementor

Name of the Vulnerable Software and Affected Versions: ThemeShark Templates & Widgets for Elementor versions 1.1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, wher...

WordPress ThemeShark Templates & Widgets for Elementor plugin <= 1.1.7 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin ThemeShark Templates & Widgets for Elementor versions = 1.1.7...

CVE-2024-9388

The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

CVE-2024-9388 Black Widgets For Elementor <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

WordPress plugin Black Widgets For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2024-39644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5...

CVE-2024-39644 WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5...

CVE-2024-39662

CVE-2024-39662 – Black Widgets For Elementor : Stored XSS in the WordPress plugin Black Widgets For Elementor (

WordPress Black Widgets For Elementor Plugin <= 1.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Black Widgets For Elementor Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39662 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bcfbb0de7eeb Credits 4rCanJ0x! Required privile...

CVE-2024-33649 WordPress Opal Widgets For Elementor plugin <= 1.6.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9...