CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32197 – WordPress Piotnet Addons For Elementor plugin <= 2.4.34 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32197
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Addons For Elementor allows Stored XSS. This issue affects Piotnet Addons For Elementor: from n/a through 2.4.34. The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level... • https://patchstack.com/database/wordpress/plugin/piotnet-addons-for-elementor/vulnerability/wordpress-piotnet-addons-for-elementor-plugin-2-4-34-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32204 – WordPress Split Test For Elementor Plugin <= 1.8.2 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-32204
04 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rocketelements Split Test For Elementor allows SQL Injection. This issue affects Split Test For Elementor: from n/a through 1.8.2. The Split Test For Elementor plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authentic... • https://patchstack.com/database/wordpress/plugin/split-test-for-elementor/vulnerability/wordpress-split-test-for-elementor-plugin-1-8-2-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32158 – WordPress aThemes Addons for Elementor plugin <= 1.0.15 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32158
04 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15. The aThemes Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server... • https://patchstack.com/database/wordpress/plugin/athemes-addons-for-elementor-lite/vulnerability/wordpress-athemes-addons-for-elementor-plugin-1-0-15-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32260 – WordPress DethemeKit For Elementor plugin <= 2.1.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-32260
04 Apr 2025 — Missing Authorization vulnerability in Detheme DethemeKit For Elementor. This issue affects DethemeKit For Elementor: from n/a through 2.1.10. The DethemeKit for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.10. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/dethemekit-for-elementor/vulnerability/wordpress-dethemekit-for-elementor-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31796 – WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.7 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-31796
01 Apr 2025 — Server-Side Request Forgery (SSRF) vulnerability in TheInnovs Team ElementsCSS Addons for Elementor allows Server Side Request Forgery. This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7. The ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.8.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating ... • https://patchstack.com/database/wordpress/plugin/css-for-elementor/vulnerability/wordpress-elementscss-addons-for-elementor-plugin-1-0-8-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31749 – WordPress HMH Footer Builder For Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31749
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPelite HMH Footer Builder For Elementor allows Stored XSS. This issue affects HMH Footer Builder For Elementor: from n/a through 1.0. The HMH Footer Builder For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level... • https://patchstack.com/database/wordpress/plugin/hmh-footer-builder-for-elementor/vulnerability/wordpress-hmh-footer-builder-for-elementor-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31771 – WordPress Team Members for Elementor Page Builder plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31771
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sultan Nasir Uddin Team Members for Elementor Page Builder allows Stored XSS. This issue affects Team Members for Elementor Page Builder: from n/a through 1.0.4. The Team Members for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... • https://patchstack.com/database/wordpress/plugin/team-members-for-elementor/vulnerability/wordpress-team-members-for-elementor-page-builder-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31850 – WordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31850
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Stored XSS. This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.5. The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possi... • https://patchstack.com/database/wordpress/plugin/pdf-generator-addon-for-elementor-page-builder/vulnerability/wordpress-pdf-generator-addon-for-elementor-page-builder-plugin-1-7-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31889 – WordPress Extensions for Elementor plugin <= 2.0.40 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31889
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a through 2.0.40. The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject ... • https://patchstack.com/database/wordpress/plugin/extensions-for-elementor/vulnerability/wordpress-extensions-for-elementor-plugin-2-0-40-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31857 – WordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31857
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Directorist AddonsKit for Elementor allows Stored XSS. This issue affects Directorist AddonsKit for Elementor: from n/a through 1.1.6. The Directorist AddonsKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contri... • https://patchstack.com/database/wordpress/plugin/addonskit-for-elementor/vulnerability/wordpress-directorist-addonskit-for-elementor-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •