[SECURITY] Fedora 44 Update: kf6-kconfigwidgets-6.25.0-1.fc44

KConfigWidgets provides easy-to-use classes to create configuration dialogs, as well as a set of widgets which uses KConfig to store their settings...

[SECURITY] Fedora 44 Update: kf6-kcompletion-6.25.0-1.fc44

KCompletion provides widgets with advanced completion support as well as a lower-level completion class which can be used with your own widgets...

WordPress WP News and Scrolling Widgets plugin <= 5.0.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP News and Scrolling Widgets versions = 5.0.6...

[SECURITY] Fedora 44 Update: efl-1.28.1-6.fc44

EFL is a collection of libraries for handling many common tasks a developer may have such as data structures, communication, rendering, widgets and more...

CVE-2026-5742

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

PT-2026-31579

Name of the Vulnerable Software and Affected Versions UsersWP plugin for WordPress versions up to and including 1.2.60 Description The UsersWP plugin for WordPress is susceptible to Stored Cross-Site Scripting. Insufficient input sanitization of user-supplied URL fields and improper output escapi...

CVE-2026-5425

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feeddata' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

EUVD-2026-18989

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feeddata' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2026-5425

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feeddata' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2025-13535 King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

CVE-2025-13535 King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

WordPress King Addons for Elementor plugin <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin King Addons for Elementor versions = 51.1.53...

CVE-2025-6229

The Sina Extension for Elementor Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Text Widget And Countdown Widget DOM attributes in...

CVE-2026-1397

The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...

CVE-2026-29072

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, an...

WordPress PQ Addons - Creative Elementor Widgets plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes vulnerability

WordPress PQ Addons - Creative Elementor Widgets plugin = 1.0.0 - Authenticated Contributor+ Stored Cross-Site Scripting via Widget Attributes vulnerability discovered by WordFence in WordPress Plugin PQ Addons – Creative Elementor Widgets versions = 1.0.0...

CVE-2025-6229

The Sina Extension for Elementor Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Text Widget And Countdown Widget DOM attributes in...

CVE-2026-1397

The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...

CVE-2026-1397 PQ Addons – Creative Elementor Widgets <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes

The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on the htmltag parameter in the PQ Section Title widget. This...