2018 matches found
CVE-2025-67543
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
CVE-2025-67543
CVE-2025-67543 : WordPress plugin Catch Themes Essential Widgets (essential-widgets) contains a Stored XSS vulnerability due to improper neutralization of input during web page generation. It affects Essential Widgets versions from unspecified earlier through 2.2.2 (inclusive). The issue enables ...
CVE-2025-67543 WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
CVE-2025-67543 WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
WordPress plugin Essential Widgets 安全漏洞
WordPress Essential Widgets plugin is a tool used to enhance the functionality of your website, mainly providing the ability to create and add highly customizable widgets Widgets to help users manage the layout of their website content more flexibly. A cross-site scripting vulnerability exists in...
PT-2025-49919
Name of the Vulnerable Software and Affected Versions Catch Themes Essential Widgets versions through 2.2.2 Description A flaw exists in Catch Themes Essential Widgets that allows for Stored Cross-site Scripting XSS. This issue occurs due to improper neutralization of input during web page...
CVE-2025-12510 Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 13.2.4 due to insufficient input sanitization and output escaping on Google Reviews data imported by the plugin. This makes it possible for unauthenticated...
[SECURITY] Fedora 43 Update: kf6-kwidgetsaddons-6.20.0-2.fc43
KDE Frameworks 6 Tier 1 addon with various classes on top of QtWidgets...
WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Mdr in WordPress Plugin Ultimate Member Widgets for Elementor versions = 2.3...
WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Mdr in WordPress Plugin Essential Widgets versions = 2.2.2...
CVE-2025-12778
The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handlefilterusers function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attacker...
CVE-2025-12778
The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handlefilterusers function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attacker...
CVE-2025-12778 Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure
The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handlefilterusers function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attacker...
CVE-2025-12778
The CVE-2025-12778 vulnerability affects the Ultimate Member Widgets for Elementor – WordPress User Directory plugin. It arises from a missing capability check in handle_filter_users, affecting all versions up to and including 2.3, allowing unauthenticated attackers to read partial user metadata ...
PT-2025-47555
The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle filter users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated...
WordPress plugin Ultimate Member Widgets for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...
CVE-2025-12652
The Ungapped Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prefillvalues' parameter in the ungapped-form shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This mak...
CVE-2025-11129
The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-60971
The Ungapped Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prefillvalues' parameter in the ungapped-form shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This mak...
CVE-2025-12652
The Ungapped Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prefillvalues' parameter in the ungapped-form shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This mak...