WordPress Elementor Addon Elements plugin <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Elementor Addon Elements versions = 1.13.6...

WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Kentha Elementor Widgets versions 3.1...

CVE-2026-24390

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through 3.1...

CVE-2026-24390 WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through 3.1...

CVE-2026-24390

CVE-2026-24390 describes a Local File Inclusion in the WordPress plugin Kentha Elementor Widgets (Kentha Elementor Widgets) caused by improper filename control in PHP include/require. Affected: Kentha Elementor Widgets versions = 3.1.0. Technical details in connected docs confirm the vulnerabilit...

CVE-2026-24390

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through 3.1...

CVE-2026-24390 WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through 3.1...

WordPress plugin Kentha Elementor Widgets has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVE-2021-47835

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remot...

Malicious Package

Overview lusha-integrations-widgets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview lusha-widgets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in lusha-integrations-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34c074752069ec179f6a9024d48a4edfb67538c8a3b7d1dfc9959e6b61d9b27f The package lusha-integrations-widgets was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3064

Malicious code in lusha-widgets npm...

Malicious code in lusha-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47311f434688a3bfc2d92cc352f17ea81881ca4fd76850cf58e5a8de684b8083 The package lusha-widgets was found to contain malicious code. Source: ghsa-malware f47912da61d1b54a9476138aabefeb11945badc0bdc05666b5b23989d16f8f2a...

EUVD-2026-3067

Malicious code in lusha-integrations-widgets npm...

MAL-2026-292 Malicious code in lusha-integrations-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34c074752069ec179f6a9024d48a4edfb67538c8a3b7d1dfc9959e6b61d9b27f The package lusha-integrations-widgets was found to contain malicious code. Source: ghsa-malware...

MAL-2026-295 Malicious code in lusha-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47311f434688a3bfc2d92cc352f17ea81881ca4fd76850cf58e5a8de684b8083 The package lusha-widgets was found to contain malicious code. Source: ghsa-malware f47912da61d1b54a9476138aabefeb11945badc0bdc05666b5b23989d16f8f2a...

Malicious code in @workleap-widgets/client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef0a9fe50f30201e6a1a6a853aa62e6b2b64237598b60ac59e8c74974d8e33ca The package @workleap-widgets/client was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-1985

Malicious code in @workleap-widgets/client npm...

Malicious Package

Overview @workleap-widgets/client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...