CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-32641 – WordPress Anant Addons for Elementor plugin <= 1.1.5 - CSRF to Arbitrary Plugin Installation vulnerability
https://notcve.org/view.php?id=CVE-2025-32641
09 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: from n/a through 1.1.5. The Anant Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to install arbitrary plugins via a forged request granted ... • https://packetstorm.news/files/id/190435 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32672 – WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.9 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-32672
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.9. The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.4.9. This makes it possible for unauthenticated attackers to include and execute ... • https://patchstack.com/database/wordpress/plugin/ultimate-bootstrap-elements-for-elementor/vulnerability/wordpress-ultimate-bootstrap-elements-for-elementor-plugin-1-4-9-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32135 – WordPress Split Test For Elementor plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32135
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rocketelements Split Test For Elementor allows Stored XSS. This issue affects Split Test For Elementor: from n/a through 1.8.3. The Split Test For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and... • https://patchstack.com/database/wordpress/plugin/split-test-for-elementor/vulnerability/wordpress-split-test-for-elementor-plugin-1-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32157 – WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32157
04 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jakub Glos Sparkle Elementor Kit allows PHP Local File Inclusion. This issue affects Sparkle Elementor Kit: from n/a through 2.0.9. The Sparkle Elementor Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files o... • https://patchstack.com/database/wordpress/plugin/sparkle-elementor-kit/vulnerability/wordpress-sparkle-elementor-kit-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32163 – WordPress Xpro Elementor Addons plugin <= 1.4.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32163
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.9. The Xpro Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arb... • https://patchstack.com/database/wordpress/plugin/xpro-elementor-addons/vulnerability/wordpress-xpro-elementor-addons-plugin-1-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32186 – WordPress Turbo Addons for Elementor plugin <= 1.7.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32186
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Turbo Addons Turbo Addons for Elementor allows DOM-Based XSS. This issue affects Turbo Addons for Elementor: from n/a through 1.7.1. The Turbo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces... • https://patchstack.com/database/wordpress/plugin/turbo-addons-elementor/vulnerability/wordpress-turbo-addons-for-elementor-plugin-1-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32189 – WordPress BWD Elementor Addons plugin <= 4.3.20 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32189
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer BWD Elementor Addons allows DOM-Based XSS. This issue affects BWD Elementor Addons: from n/a through 4.3.20. The BWD Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above... • https://patchstack.com/database/wordpress/plugin/bwd-elementor-addons/vulnerability/wordpress-bwd-elementor-addons-plugin-4-3-20-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32190 – WordPress Musician's Pack for Elementor plugin <= 1.8.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32190
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartwpress Musician's Pack for Elementor allows DOM-Based XSS. This issue affects Musician's Pack for Elementor: from n/a through 1.8.4. The Musician's Pack for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev... • https://patchstack.com/database/wordpress/plugin/music-pack-for-elementor/vulnerability/wordpress-musician-s-pack-for-elementor-plugin-1-8-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32192 – WordPress Ultra Addons Lite for Elementor plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32192
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UltraPress Ultra Addons Lite for Elementor allows Stored XSS. This issue affects Ultra Addons Lite for Elementor: from n/a through 1.1.8. The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-l... • https://patchstack.com/database/wordpress/plugin/ut-elementor-addons-lite/vulnerability/wordpress-ultra-addons-lite-for-elementor-plugin-1-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32196 – WordPress News Kit Elementor Addons plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32196
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons allows Stored XSS. This issue affects News Kit Elementor Addons: from n/a through 1.3.1. The News Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and a... • https://patchstack.com/database/wordpress/plugin/news-kit-elementor-addons/vulnerability/wordpress-news-kit-elementor-addons-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •