CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32197 – WordPress Piotnet Addons For Elementor plugin <= 2.4.34 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32197
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in piotnetdotcom Piotnet Addons For Elementor allows Stored XSS. This issue affects Piotnet Addons For Elementor: from n/a through 2.4.34. The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level... • https://patchstack.com/database/wordpress/plugin/piotnet-addons-for-elementor/vulnerability/wordpress-piotnet-addons-for-elementor-plugin-2-4-34-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32204 – WordPress Split Test For Elementor Plugin <= 1.8.2 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-32204
04 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rocketelements Split Test For Elementor allows SQL Injection. This issue affects Split Test For Elementor: from n/a through 1.8.2. The Split Test For Elementor plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authentic... • https://patchstack.com/database/wordpress/plugin/split-test-for-elementor/vulnerability/wordpress-split-test-for-elementor-plugin-1-8-2-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32158 – WordPress aThemes Addons for Elementor plugin <= 1.0.15 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32158
04 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15. The aThemes Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server... • https://patchstack.com/database/wordpress/plugin/athemes-addons-for-elementor-lite/vulnerability/wordpress-athemes-addons-for-elementor-plugin-1-0-15-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32260 – WordPress DethemeKit For Elementor plugin <= 2.1.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-32260
04 Apr 2025 — Missing Authorization vulnerability in Detheme DethemeKit For Elementor. This issue affects DethemeKit For Elementor: from n/a through 2.1.10. The DethemeKit for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.10. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/dethemekit-for-elementor/vulnerability/wordpress-dethemekit-for-elementor-plugin-2-1-10-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31857 – WordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31857
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Directorist AddonsKit for Elementor allows Stored XSS. This issue affects Directorist AddonsKit for Elementor: from n/a through 1.1.6. The Directorist AddonsKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contri... • https://patchstack.com/database/wordpress/plugin/addonskit-for-elementor/vulnerability/wordpress-directorist-addonskit-for-elementor-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31796 – WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.7 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-31796
01 Apr 2025 — Server-Side Request Forgery (SSRF) vulnerability in TheInnovs Team ElementsCSS Addons for Elementor allows Server Side Request Forgery. This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7. The ElementsCSS Addons for Elementor (Elementor Widgets Extender & Addons) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.8.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating ... • https://patchstack.com/database/wordpress/plugin/css-for-elementor/vulnerability/wordpress-elementscss-addons-for-elementor-plugin-1-0-8-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31813 – WordPress WPSHARE247 Elementor Addons plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31813
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Website366.com WPSHARE247 Elementor Addons allows Stored XSS. This issue affects WPSHARE247 Elementor Addons: from n/a through 2.1. The WPSHARE247 Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access ... • https://patchstack.com/database/wordpress/plugin/wpshare247-elementor-addons/vulnerability/wordpress-wpshare247-elementor-addons-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31823 – WordPress WPoperation Elementor Addons plugin 1.1.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31823
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpoperations WPoperation Elementor Addons allows Stored XSS. This issue affects WPoperation Elementor Addons: from n/a through 1.1.9. The WPoperation Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level ac... • https://patchstack.com/database/wordpress/plugin/wpop-elementor-addons/vulnerability/wordpress-wpoperation-elementor-addons-plugin-1-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31749 – WordPress HMH Footer Builder For Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31749
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPelite HMH Footer Builder For Elementor allows Stored XSS. This issue affects HMH Footer Builder For Elementor: from n/a through 1.0. The HMH Footer Builder For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level... • https://patchstack.com/database/wordpress/plugin/hmh-footer-builder-for-elementor/vulnerability/wordpress-hmh-footer-builder-for-elementor-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31771 – WordPress Team Members for Elementor Page Builder plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31771
01 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sultan Nasir Uddin Team Members for Elementor Page Builder allows Stored XSS. This issue affects Team Members for Elementor Page Builder: from n/a through 1.0.4. The Team Members for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... • https://patchstack.com/database/wordpress/plugin/team-members-for-elementor/vulnerability/wordpress-team-members-for-elementor-page-builder-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •