2018 matches found
CVE-2025-6253 UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the preparetemplate function due to a missing capability check and insufficient controls on the filename specified. This makes it...
PT-2025-32628 · WordPress · Uicore Elements
Name of the Vulnerable Software and Affected Versions: UiCore Elements – Free Elementor widgets and templates for WordPress versions up to and including 1.3.0 Description: The plugin is susceptible to arbitrary file reading via the prepare template function. This is due to a missing capability...
CLSA-2025-1754648405 Fix CVE(s): CVE-2025-27613, CVE-2025-27614, CVE-2025-46835
SECURITY UPDATE: potential file creation/truncation when cloning untrusted repository in gitk - debian/patches/CVE-2025-27613CVE-2025-27614CVE-2025-46835.patch: improve dark mode support, remove hard-coded colors in ttext calls and use colors from the theme for text widgets via Text.Background an...
MAL-2025-6690 Malicious code in ace-widgets (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in ace-widgets (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-7845
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2025-7845
CVE-2025-7845 affects the WordPress plugin Stratum – Elementor Widgets (versions up to and including 1.6.0). The vulnerability is a Stored Cross-Site Scripting flaw in the Advanced Google Maps and Image Hotspot widgets caused by insufficient input sanitization and output escaping on user-supplied...
PT-2025-31604 · Elementor +1 · Elementor +1
Name of the Vulnerable Software and Affected Versions: Stratum – Elementor Widgets versions up to and including 1.6.0 Description: The Stratum – Elementor Widgets plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Advanced Google Maps and Image Hotspot widgets...
MAL-2025-5465 Malicious code in tableau-widgets-datagrid (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in tableau-widgets-datagrid (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-5585
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress SiteOrigin Widgets Bundle plugin cross-site scripting vulnerability
WordPress SiteOrigin Widgets Bundle is a powerful WordPress plugin that provides a rich set of highly customizable widgets for enhancing the layout and functionality of your website, supporting a wide range of page builders and editors to help users easily create professional and beautiful...
CVE-2025-5338
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-5585 SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-url DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5585
The CVE-2025-5585 entry concerns the SiteOrigin Widgets Bundle plugin for WordPress. A Stored Cross-Site Scripting flaw exists in all versions up to 1.68.4 (and discussed variants up to 1.68.5 in related advisories) due to insufficient input sanitization and output escaping, specifically via the ...
PT-2025-26806 · WordPress · Siteorigin Widgets Bundle
Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle plugin for WordPress versions up to and including 1.68.4 Description: The issue is related to Stored Cross-Site Scripting via the data-url DOM Element Attribute. This occurs due to insufficient input sanitization and...
WordPress plugin SiteOrigin Widgets Bundle cross-site scripting vulnerability
WordPress SiteOrigin Widgets Bundle is a powerful WordPress plugin that provides a rich set of highly customizable widgets for enhancing the layout and functionality of your website, supporting a wide range of page builders and editors to help users easily create professional and beautiful...