CVE-2026-32460

CVE-2026-32460 concerns the WordPress plugin Themefic Ultimate Addons for Contact Form 7, affected up to version 3.5.36. The vulnerability is described as Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation, enabling exploitation via configured access con...

CVE-2026-28038

CVE-2026-28038 : WordPress plugin Ultimate Addons for WPBakery Page Builder (versions

CVE-2026-24945 WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.34 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through = 3.5.34...

WordPress Enter Addons plugin <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Animation Title widget img tag vulnerability discovered by Sebastião Gavião Sebastgav - Gavsec in WordPress Plugin Enter Addons versions = 2.1.5...

CVE-2025-62748 WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.5...

CVE-2025-58793

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBean WPB Elementor Addons wpb-elementor-addons allows Stored XSS.This issue affects WPB Elementor Addons: from n/a through = 1.7...

WordPress Exclusive Addons for Elementor plugin <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer Widget vulnerability discovered by Webbernaut in WordPress Plugin Exclusive Addons Elementor versions = 2.7.9.1...

CVE-2025-48244 WordPress Exclusive Addons Elementor plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Strifler Exclusive Addons Elementor exclusive-addons-for-elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through = 2.7.9...

CVE-2025-46472 WordPress The Pack Elementor addons plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through = 2.1.6...

CVE-2024-56225 WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through = 4.10.56...

VulnCheck KEV: CVE-2021-4448

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...