CVE-2025-31635

CVE-2025-31635: WordPress CLEVER plugin ≤ 2.6 contains an unauthenticated path traversal vulnerability enabling arbitrary file download. The issue stems from improper pathname handling in the CLEVER plugin, allowing access to restricted files. Public references corroborate affected versions as “n...

WordPress Clever Fox Plugin <= 25.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Clever Fox Type Plugin Vulnerable versions = 25.2.0 Fixed in 25.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1768 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 78a218f7f787 Credits WordFence Required privileg...

WordPress Clever Addons for Elementor Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Clever Addons for Elementor Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2350 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f64ce9c41857 Credits Francesco...

WordPress Clever Addons for Elementor 跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Clever Addons for Elementor Plugin versions prior to 2.10.0. An attacker can exploit this vulnerability to launch a cross-site scripting attack...