Wordpress Sikkerhed & Opdateringer

Cross-site scripting in admin system configuration file field via unescaped value attribute

Skrevet den 28. maj 2026 af i Magento

The _getDeleteCheckbox() method in MagentoConfigBlockSystemConfigFormFieldFile rendered the stored field value directly into a hidden attribute in the admin system configuration backend without HTML-escaping, allowing attribute-breakout XSS if any path (lower-privileged admin, third-party module, or DB tampering) seeded HTML metacharacters into the value. The fix wraps the value with $this->_escaper->escapeHtml(), neutralizing <, >, &, and ” and closing the sink.

This vulnerability affects the following application versions:

Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.8-beta1

Cross-Site Request Forgery in Stripe Connect handler

Skrevet den 28. maj 2026 af i Website Builder by SeedProd

The plugin’s Stripe Connect callback writes the seedprod_stripe_connect_token option from a GET parameter without a nonce or capability check. An attacker can trick an admin into visiting a crafted URL and overwrite the connected Stripe token

This vulnerability affects the following application versions:

Website Builder by SeedProd 6.15.6
Website Builder by SeedProd 6.15.7
Website Builder by SeedProd 6.15.13.1

Stored cross-site scripting in order cancellation modal via unescaped order increment ID

Skrevet den 28. maj 2026 af i Magento

The cancel-order-modal.phtml template in the Magento_OrderCancellationUi module rendered $block->getOrder()->getRealOrderId() directly into the DOM using the @noEscape annotation, bypassing Magento’s output escaping layer. While the order increment ID is normally a numeric/zero-padded string generated by Magento and not directly user-controllable, any code path or merchant customization that allowed non-standard characters into this field (custom increment ID generators, third-party modules manipulating order data, or database-level tampering by a lower-privileged actor) could result in raw HTML or JavaScript being injected into the cancel-order modal and executed in the context of the authenticated shopper’s session. The fix routes the value through $escaper->escapeHtml(), aligning the template with the escaping pattern already used elsewhere in the same file and in the Magento_Sales order history templates, and eliminating the XSS sink as a defense-in-depth measure.

This vulnerability affects the following application versions:

Magento 2.4.7
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.8-beta1

Authenticated (Author+) Arbitrary File Upload in Starter Templates

Skrevet den 28. maj 2026 af i Starter Templates – AI-Powered Templates

An Author-level user can bypass the WXR importer’s filename check to upload arbitrary files (including PHP) into wp-content/uploads, enabling remote code execution. Affects Starter Templates plugin versions up to 4.4.41; fixed in 4.4.42 by enforcing wp_check_filetype-based extension and MIME validation in the importer’s allow-list.

This vulnerability affects the following application versions:

Starter Templates – AI-Powered Templates 0.4.4.0
Starter Templates – AI-Powered Templates 0.4.4.15
Starter Templates – AI-Powered Templates 4.2.2
Starter Templates – AI-Powered Templates 4.2.3
Starter Templates – AI-Powered Templates 4.2.4
Starter Templates – AI-Powered Templates 4.2.5
Starter Templates – AI-Powered Templates 4.2.6
Starter Templates – AI-Powered Templates 4.3.0
Starter Templates – AI-Powered Templates 4.3.1
Starter Templates – AI-Powered Templates 4.3.2
Starter Templates – AI-Powered Templates 4.3.3
Starter Templates – AI-Powered Templates 4.3.4
Starter Templates – AI-Powered Templates 4.3.5
Starter Templates – AI-Powered Templates 4.3.6
Starter Templates – AI-Powered Templates 4.3.7
Starter Templates – AI-Powered Templates 4.3.8
Starter Templates – AI-Powered Templates 4.3.9
Starter Templates – AI-Powered Templates 4.4.0
Starter Templates – AI-Powered Templates 4.4.1
Starter Templates – AI-Powered Templates 4.4.2
Starter Templates – AI-Powered Templates 4.4.3
Starter Templates – AI-Powered Templates 4.4.4
Starter Templates – AI-Powered Templates 4.4.5
Starter Templates – AI-Powered Templates 4.4.6
Starter Templates – AI-Powered Templates 4.4.7
Starter Templates – AI-Powered Templates 4.4.8
Starter Templates – AI-Powered Templates 4.4.9
Starter Templates – AI-Powered Templates 4.4.10
Starter Templates – AI-Powered Templates 4.4.11
Starter Templates – AI-Powered Templates 4.4.12
Starter Templates – AI-Powered Templates 4.4.13
Starter Templates – AI-Powered Templates 4.4.14
Starter Templates – AI-Powered Templates 4.4.16
Starter Templates – AI-Powered Templates 4.4.17
Starter Templates – AI-Powered Templates 4.4.18
Starter Templates – AI-Powered Templates 4.4.19
Starter Templates – AI-Powered Templates 4.4.20
Starter Templates – AI-Powered Templates 4.4.21
Starter Templates – AI-Powered Templates 4.4.22
Starter Templates – AI-Powered Templates 4.4.23
Starter Templates – AI-Powered Templates 4.4.24
Starter Templates – AI-Powered Templates 4.4.25
Starter Templates – AI-Powered Templates 4.4.26
Starter Templates – AI-Powered Templates 4.4.27
Starter Templates – AI-Powered Templates 4.4.28
Starter Templates – AI-Powered Templates 4.4.29
Starter Templates – AI-Powered Templates 4.4.30
Starter Templates – AI-Powered Templates 4.4.31
Starter Templates – AI-Powered Templates 4.4.32
Starter Templates – AI-Powered Templates 4.4.33
Starter Templates – AI-Powered Templates 4.4.34
Starter Templates – AI-Powered Templates 4.4.35
Starter Templates – AI-Powered Templates 4.4.36
Starter Templates – AI-Powered Templates 4.4.37
Starter Templates – AI-Powered Templates 4.4.38
Starter Templates – AI-Powered Templates 4.4.39
Starter Templates – AI-Powered Templates 4.4.40
Starter Templates – AI-Powered Templates 4.4.41

Missing Authorization via seedprod_lite_new_lpage

Skrevet den 28. maj 2026 af i Website Builder by SeedProd

The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin

This vulnerability affects the following application versions:

Website Builder by SeedProd 6.0.5
Website Builder by SeedProd 6.0.6
Website Builder by SeedProd 6.0.7
Website Builder by SeedProd 6.0.8
Website Builder by SeedProd 6.0.8.1
Website Builder by SeedProd 6.0.8.2
Website Builder by SeedProd 6.0.8.3
Website Builder by SeedProd 6.0.8.4
Website Builder by SeedProd 6.0.8.5
Website Builder by SeedProd 6.0.9.0
Website Builder by SeedProd 6.0.10.1
Website Builder by SeedProd 6.0.11.1
Website Builder by SeedProd 6.2.0
Website Builder by SeedProd 6.2.1
Website Builder by SeedProd 6.2.2
Website Builder by SeedProd 6.2.3
Website Builder by SeedProd 6.2.4
Website Builder by SeedProd 6.2.5
Website Builder by SeedProd 6.6.0
Website Builder by SeedProd 6.9.0.8
Website Builder by SeedProd 6.10.0
Website Builder by SeedProd 6.12.0
Website Builder by SeedProd 6.12.2
Website Builder by SeedProd 6.13.0
Website Builder by SeedProd 6.13.1
Website Builder by SeedProd 6.15.3
Website Builder by SeedProd 6.15.4
Website Builder by SeedProd 6.15.6
Website Builder by SeedProd 6.15.7
Website Builder by SeedProd 6.15.13.1
Website Builder by SeedProd 6.15.15.3
Website Builder by SeedProd 6.15.18
Website Builder by SeedProd 6.15.19
Website Builder by SeedProd 6.15.20
Website Builder by SeedProd 6.15.21
Website Builder by SeedProd 6.15.22

Stored Cross-Site Scripting in Magento Admin Customer Order Items

Skrevet den 28. maj 2026 af i Magento

An authenticated user with low admin privileges can inject malicious scripts via product option values rendered in the customer admin order-items grid. The unescaped output executes in another admin’s browser, enabling session hijacking. Affects Adobe Commerce 2.4.4-p11 / 2.4.5-p10 / 2.4.6-p8 / 2.4.7-p3 and earlier; fixed by escaping the option value via the Escaper service.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.8-beta1

Cross-site scripting through unescaped output in admin-facing templates

Skrevet den 28. maj 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

The plugin emits several PHP-generated values directly into HTML and inline JavaScript contexts without applying context-appropriate escaping, allowing attacker-influenced data to break out of the surrounding string or markup and execute arbitrary script in an authenticated user’s browser. Affected sinks include option keys and values rendered into an admin table via htmlspecialchars() (which is not charset-aware and is weaker than WordPress’s esc_html()), as well as URLs and nonces interpolated into inline onclick handlers without esc_js(), leaving the JavaScript string literal vulnerable to quote- or backslash-based breakout. Exploitation requires that a value reaching one of these sinks be controllable by a lower-privileged user or external input, after which a logged-in administrator viewing the affected page would trigger script execution in their session context.

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Unsafe html in field group labels vulnerable to js execution in the classic editor

Skrevet den 28. maj 2026 af i Advanced Custom Fields (ACF)

The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 6.4.2. This is due to the plugin nor properly neutralizing unsafe HTML. This makes it possible for authenticated attackers, with administrator-level access and above, to inject potentially malicious HTML.

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 5.9.0
Advanced Custom Fields (ACF) 5.9.1
Advanced Custom Fields (ACF) 5.9.2
Advanced Custom Fields (ACF) 5.9.3
Advanced Custom Fields (ACF) 5.9.4
Advanced Custom Fields (ACF) 5.9.5
Advanced Custom Fields (ACF) 5.9.6
Advanced Custom Fields (ACF) 5.9.7
Advanced Custom Fields (ACF) 5.9.8
Advanced Custom Fields (ACF) 5.9.9
Advanced Custom Fields (ACF) 5.10
Advanced Custom Fields (ACF) 5.10.1
Advanced Custom Fields (ACF) 5.10.2
Advanced Custom Fields (ACF) 5.11
Advanced Custom Fields (ACF) 5.11.1
Advanced Custom Fields (ACF) 5.11.2
Advanced Custom Fields (ACF) 5.11.3
Advanced Custom Fields (ACF) 5.11.4
Advanced Custom Fields (ACF) 5.12
Advanced Custom Fields (ACF) 5.12.1
Advanced Custom Fields (ACF) 5.12.2
Advanced Custom Fields (ACF) 5.12.3
Advanced Custom Fields (ACF) 5.12.4
Advanced Custom Fields (ACF) 5.12.5
Advanced Custom Fields (ACF) 5.12.6
Advanced Custom Fields (ACF) 6.0.0
Advanced Custom Fields (ACF) 6.0.1
Advanced Custom Fields (ACF) 6.0.2
Advanced Custom Fields (ACF) 6.0.3
Advanced Custom Fields (ACF) 6.0.4
Advanced Custom Fields (ACF) 6.0.5
Advanced Custom Fields (ACF) 6.0.6
Advanced Custom Fields (ACF) 6.0.7
Advanced Custom Fields (ACF) 6.1.0
Advanced Custom Fields (ACF) 6.1.1
Advanced Custom Fields (ACF) 6.1.2
Advanced Custom Fields (ACF) 6.1.3
Advanced Custom Fields (ACF) 6.1.4
Advanced Custom Fields (ACF) 6.1.5
Advanced Custom Fields (ACF) 6.1.6
Advanced Custom Fields (ACF) 6.1.7
Advanced Custom Fields (ACF) 6.1.8
Advanced Custom Fields (ACF) 6.2.0
Advanced Custom Fields (ACF) 6.2.1
Advanced Custom Fields (ACF) 6.2.2
Advanced Custom Fields (ACF) 6.2.3
Advanced Custom Fields (ACF) 6.2.4
Advanced Custom Fields (ACF) 6.2.5
Advanced Custom Fields (ACF) 6.2.6
Advanced Custom Fields (ACF) 6.2.6.1
Advanced Custom Fields (ACF) 6.2.7
Advanced Custom Fields (ACF) 6.2.8
Advanced Custom Fields (ACF) 6.2.9
Advanced Custom Fields (ACF) 6.3.0
Advanced Custom Fields (ACF) 6.3.1
Advanced Custom Fields (ACF) 6.3.2
Advanced Custom Fields (ACF) 6.3.3
Advanced Custom Fields (ACF) 6.3.4
Advanced Custom Fields (ACF) 6.3.5
Advanced Custom Fields (ACF) 6.3.6
Advanced Custom Fields (ACF) 6.3.6.1
Advanced Custom Fields (ACF) 6.3.6.2
Advanced Custom Fields (ACF) 6.3.6.3
Advanced Custom Fields (ACF) 6.3.9
Advanced Custom Fields (ACF) 6.3.10.2
Advanced Custom Fields (ACF) 6.3.11
Advanced Custom Fields (ACF) 6.3.12
Advanced Custom Fields (ACF) 6.4.0
Advanced Custom Fields (ACF) 6.4.0.1
Advanced Custom Fields (ACF) 6.4.1
Advanced Custom Fields (ACF) 6.4.2

Incorrect ACL check in admin order view allows send-email action under wrong permission

Skrevet den 28. maj 2026 af i Magento

The “Send Order Email” button in MagentoSalesBlockAdminhtmlOrderView is gated by the ACL resource Magento_Sales::emails (“Send Sales Emails”) instead of the dedicated Magento_Sales::email (“Send Order Email”) declared in the Sales module’s acl.xml, so administrators granted only the broader permission can trigger per-order email sends without holding the specific granular permission, breaking least-privilege enforcement

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1

Information disclosure in essential addons for elementor formstack widget

Skrevet den 28. maj 2026 af i Essential Addons for Elementor

Essential Addons for Elementor ≤ 6.1.9 lets Contributor-level users disclose contents of internal URLs by supplying an arbitrary address in the Formstack widget’s eael_form_key setting, which the plugin fetched via wp_remote_get() without validation and returned in the rendered output.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27
Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3
Essential Addons for Elementor 6.0.4
Essential Addons for Elementor 6.0.5
Essential Addons for Elementor 6.0.6
Essential Addons for Elementor 6.0.7
Essential Addons for Elementor 6.0.8
Essential Addons for Elementor 6.0.9
Essential Addons for Elementor 6.0.10
Essential Addons for Elementor 6.0.11
Essential Addons for Elementor 6.0.12
Essential Addons for Elementor 6.0.13
Essential Addons for Elementor 6.0.14
Essential Addons for Elementor 6.0.15
Essential Addons for Elementor 6.1.0
Essential Addons for Elementor 6.1.1
Essential Addons for Elementor 6.1.2
Essential Addons for Elementor 6.1.3
Essential Addons for Elementor 6.1.4
Essential Addons for Elementor 6.1.5
Essential Addons for Elementor 6.1.6
Essential Addons for Elementor 6.1.7
Essential Addons for Elementor 6.1.8
Essential Addons for Elementor 6.1.9

Drupal core – Highly critical – SQL injection – SA-CORE-2026-004

Skrevet den 22. maj 202629. maj 2026 af i Drupal

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.3.13
Drupal 10.3.14
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 10.4.3
Drupal 10.4.4
Drupal 10.4.5
Drupal 10.4.6
Drupal 10.4.7
Drupal 10.4.8
Drupal 10.4.9
Drupal 10.4.10
Drupal 10.5.0
Drupal 10.5.1
Drupal 10.5.2
Drupal 10.5.3
Drupal 10.5.4
Drupal 10.5.5
Drupal 10.5.6
Drupal 10.5.7
Drupal 10.5.8
Drupal 10.5.9
Drupal 10.6.0
Drupal 10.6.1
Drupal 10.6.2
Drupal 10.6.3
Drupal 10.6.4
Drupal 10.6.5
Drupal 10.6.6
Drupal 10.6.7
Drupal 10.6.8
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.0.12
Drupal 11.0.13
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2
Drupal 11.1.3
Drupal 11.1.4
Drupal 11.1.5
Drupal 11.1.6
Drupal 11.1.7
Drupal 11.1.8
Drupal 11.1.9
Drupal 11.1.10
Drupal 11.2.0
Drupal 11.2.1
Drupal 11.2.2
Drupal 11.2.3
Drupal 11.2.4
Drupal 11.2.5
Drupal 11.2.6
Drupal 11.2.7
Drupal 11.2.8
Drupal 11.2.9
Drupal 11.2.10
Drupal 11.2.11
Drupal 11.2.12
Drupal 11.2.13
Drupal 11.3.0
Drupal 11.3.1
Drupal 11.3.2
Drupal 11.3.3
Drupal 11.3.4
Drupal 11.3.5
Drupal 11.3.6
Drupal 11.3.7
Drupal 11.3.8
Drupal 11.3.9
Drupal 11.3.10
Drupal 11.3.11

Stored cross-site scripting (XSS) via global color and typography settings

Skrevet den 15. maj 2026 af i Elementor Website Builder

The global color and typography REST API endpoints in Elementor <= 3.35.4 do not sanitize user-supplied values before storing them in the database, and the editor renders these values using jQuery's .html() method. An authenticated attacker can inject malicious JavaScript into global style fields that executes in the browser of any user who opens the Elementor editor's global styles panel.

This vulnerability affects the following application versions:

Elementor Website Builder 3.5.0
Elementor Website Builder 3.5.0-beta1
Elementor Website Builder 3.5.0-beta2
Elementor Website Builder 3.5.0-beta3
Elementor Website Builder 3.5.0-beta4
Elementor Website Builder 3.5.0-beta5
Elementor Website Builder 3.5.0-beta7
Elementor Website Builder 3.5.0-beta8
Elementor Website Builder 3.5.0-dev39
Elementor Website Builder 3.5.0-dev40
Elementor Website Builder 3.5.0-dev41
Elementor Website Builder 3.5.0-dev42
Elementor Website Builder 3.5.0-dev43
Elementor Website Builder 3.5.0-dev44
Elementor Website Builder 3.5.0-dev45
Elementor Website Builder 3.5.0-dev46
Elementor Website Builder 3.5.0-dev47
Elementor Website Builder 3.5.0-dev48
Elementor Website Builder 3.5.0-dev49
Elementor Website Builder 3.5.0-dev50
Elementor Website Builder 3.5.0-dev51
Elementor Website Builder 3.5.1
Elementor Website Builder 3.5.2
Elementor Website Builder 3.5.3
Elementor Website Builder 3.5.4
Elementor Website Builder 3.5.5
Elementor Website Builder 3.5.6
Elementor Website Builder 3.6.0
Elementor Website Builder 3.6.0-beta1
Elementor Website Builder 3.6.0-beta2
Elementor Website Builder 3.6.0-beta3
Elementor Website Builder 3.6.0-beta4
Elementor Website Builder 3.6.0-beta5
Elementor Website Builder 3.6.0-dev1
Elementor Website Builder 3.6.0-dev2
Elementor Website Builder 3.6.0-dev3
Elementor Website Builder 3.6.0-dev4
Elementor Website Builder 3.6.0-dev5
Elementor Website Builder 3.6.0-dev6
Elementor Website Builder 3.6.0-dev7
Elementor Website Builder 3.6.0-dev8
Elementor Website Builder 3.6.0-dev9
Elementor Website Builder 3.6.0-dev10
Elementor Website Builder 3.6.0-dev11
Elementor Website Builder 3.6.0-dev13
Elementor Website Builder 3.6.0-dev14
Elementor Website Builder 3.6.0-dev16
Elementor Website Builder 3.6.0-dev17
Elementor Website Builder 3.6.0-dev18
Elementor Website Builder 3.6.0-dev19
Elementor Website Builder 3.6.0-dev20
Elementor Website Builder 3.6.0-dev21
Elementor Website Builder 3.6.0-dev22
Elementor Website Builder 3.6.0-dev24
Elementor Website Builder 3.6.0-dev25
Elementor Website Builder 3.6.0-dev26
Elementor Website Builder 3.6.0-dev27
Elementor Website Builder 3.6.0-dev28
Elementor Website Builder 3.6.0-dev29
Elementor Website Builder 3.6.0-dev30
Elementor Website Builder 3.6.0-dev31
Elementor Website Builder 3.6.0-dev32
Elementor Website Builder 3.6.0-dev33
Elementor Website Builder 3.6.0-dev34
Elementor Website Builder 3.6.0-dev35
Elementor Website Builder 3.6.0-dev36
Elementor Website Builder 3.6.0-dev37
Elementor Website Builder 3.6.0-dev38
Elementor Website Builder 3.6.0-dev39
Elementor Website Builder 3.6.0-dev40
Elementor Website Builder 3.6.0-dev41
Elementor Website Builder 3.6.0-dev42
Elementor Website Builder 3.6.0-dev43
Elementor Website Builder 3.6.0-dev44
Elementor Website Builder 3.6.0-dev45
Elementor Website Builder 3.6.1
Elementor Website Builder 3.6.2
Elementor Website Builder 3.6.3
Elementor Website Builder 3.6.4
Elementor Website Builder 3.6.5
Elementor Website Builder 3.6.6
Elementor Website Builder 3.6.7
Elementor Website Builder 3.6.8
Elementor Website Builder 3.7.0
Elementor Website Builder 3.7.0-beta1
Elementor Website Builder 3.7.0-beta2
Elementor Website Builder 3.7.0-beta3
Elementor Website Builder 3.7.0-beta4
Elementor Website Builder 3.7.0-dev1
Elementor Website Builder 3.7.0-dev2
Elementor Website Builder 3.7.0-dev3
Elementor Website Builder 3.7.0-dev4
Elementor Website Builder 3.7.0-dev5
Elementor Website Builder 3.7.0-dev6
Elementor Website Builder 3.7.0-dev7
Elementor Website Builder 3.7.0-dev8
Elementor Website Builder 3.7.0-dev9
Elementor Website Builder 3.7.0-dev10
Elementor Website Builder 3.7.1
Elementor Website Builder 3.7.2
Elementor Website Builder 3.7.3
Elementor Website Builder 3.7.4
Elementor Website Builder 3.7.5
Elementor Website Builder 3.7.6
Elementor Website Builder 3.7.7
Elementor Website Builder 3.7.8
Elementor Website Builder 3.8.0
Elementor Website Builder 3.8.0-beta1
Elementor Website Builder 3.8.0-beta2
Elementor Website Builder 3.8.0-beta3
Elementor Website Builder 3.8.0-beta4
Elementor Website Builder 3.8.0-beta5
Elementor Website Builder 3.8.0-beta6
Elementor Website Builder 3.8.0-dev1
Elementor Website Builder 3.8.0-dev2
Elementor Website Builder 3.8.0-dev3
Elementor Website Builder 3.8.0-dev4
Elementor Website Builder 3.8.1
Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev1
Elementor Website Builder 3.9.0-dev2
Elementor Website Builder 3.9.0-dev3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.25.11
Elementor Website Builder 3.26.0
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-beta4
Elementor Website Builder 3.26.0-beta5
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3
Elementor Website Builder 3.26.0-dev4
Elementor Website Builder 3.26.0-dev5
Elementor Website Builder 3.26.1
Elementor Website Builder 3.26.2
Elementor Website Builder 3.26.3
Elementor Website Builder 3.26.4
Elementor Website Builder 3.26.5
Elementor Website Builder 3.27.0
Elementor Website Builder 3.27.0-beta1
Elementor Website Builder 3.27.0-beta2
Elementor Website Builder 3.27.0-dev1
Elementor Website Builder 3.27.0-dev2
Elementor Website Builder 3.27.1
Elementor Website Builder 3.27.2
Elementor Website Builder 3.27.3
Elementor Website Builder 3.27.4
Elementor Website Builder 3.27.5
Elementor Website Builder 3.27.6
Elementor Website Builder 3.27.7
Elementor Website Builder 3.28.0
Elementor Website Builder 3.28.0-beta1
Elementor Website Builder 3.28.0-beta2
Elementor Website Builder 3.28.0-beta3
Elementor Website Builder 3.28.0-dev1
Elementor Website Builder 3.28.0-dev2
Elementor Website Builder 3.28.0-dev3
Elementor Website Builder 3.28.1
Elementor Website Builder 3.28.2
Elementor Website Builder 3.28.3
Elementor Website Builder 3.28.4
Elementor Website Builder 3.29.0
Elementor Website Builder 3.29.0-beta1
Elementor Website Builder 3.29.0-beta2
Elementor Website Builder 3.29.0-beta3
Elementor Website Builder 3.29.0-beta4
Elementor Website Builder 3.29.0-dev1
Elementor Website Builder 3.29.0-dev2
Elementor Website Builder 3.29.0-dev3
Elementor Website Builder 3.29.0-dev4
Elementor Website Builder 3.29.1
Elementor Website Builder 3.29.2
Elementor Website Builder 3.30.0
Elementor Website Builder 3.30.0-beta1
Elementor Website Builder 3.30.0-beta2
Elementor Website Builder 3.30.0-beta3
Elementor Website Builder 3.30.0-dev1
Elementor Website Builder 3.30.0-dev2
Elementor Website Builder 3.30.0-dev3
Elementor Website Builder 3.30.1
Elementor Website Builder 3.30.2
Elementor Website Builder 3.30.3
Elementor Website Builder 3.30.4
Elementor Website Builder 3.31.0
Elementor Website Builder 3.31.0-beta1
Elementor Website Builder 3.31.0-beta2
Elementor Website Builder 3.31.0-dev1
Elementor Website Builder 3.31.0-dev2
Elementor Website Builder 3.31.1
Elementor Website Builder 3.31.2
Elementor Website Builder 3.31.3
Elementor Website Builder 3.31.4
Elementor Website Builder 3.31.5
Elementor Website Builder 3.32.0
Elementor Website Builder 3.32.0-beta1
Elementor Website Builder 3.32.0-beta2
Elementor Website Builder 3.32.0-beta3
Elementor Website Builder 3.32.0-dev1
Elementor Website Builder 3.32.0-dev2
Elementor Website Builder 3.32.0-dev3
Elementor Website Builder 3.32.1
Elementor Website Builder 3.32.2
Elementor Website Builder 3.32.3
Elementor Website Builder 3.32.4
Elementor Website Builder 3.32.5
Elementor Website Builder 3.33.0
Elementor Website Builder 3.33.0-beta1
Elementor Website Builder 3.33.0-beta2
Elementor Website Builder 3.33.0-beta3
Elementor Website Builder 3.33.0-beta4
Elementor Website Builder 3.33.0-dev1
Elementor Website Builder 3.33.0-dev2
Elementor Website Builder 3.33.0-dev3
Elementor Website Builder 3.33.0-dev4
Elementor Website Builder 3.33.1
Elementor Website Builder 3.33.2
Elementor Website Builder 3.33.3
Elementor Website Builder 3.33.4
Elementor Website Builder 3.33.5
Elementor Website Builder 3.33.6
Elementor Website Builder 3.34.0
Elementor Website Builder 3.34.0-beta1
Elementor Website Builder 3.34.0-beta2
Elementor Website Builder 3.34.0-beta3
Elementor Website Builder 3.34.0-dev1
Elementor Website Builder 3.34.0-dev2
Elementor Website Builder 3.34.1
Elementor Website Builder 3.34.2
Elementor Website Builder 3.34.3
Elementor Website Builder 3.34.4
Elementor Website Builder 3.35.0
Elementor Website Builder 3.35.0-beta1
Elementor Website Builder 3.35.0-beta2
Elementor Website Builder 3.35.0-beta3
Elementor Website Builder 3.35.0-beta4
Elementor Website Builder 3.35.0-dev1
Elementor Website Builder 3.35.0-dev2
Elementor Website Builder 3.35.0-dev3
Elementor Website Builder 3.35.0-dev4
Elementor Website Builder 3.35.1
Elementor Website Builder 3.35.2
Elementor Website Builder 3.35.3
Elementor Website Builder 3.35.4

Authenticated (Admin+) Stored Cross-Site Scripting in Ninja Forms Settings

Skrevet den 12. maj 2026 af i Ninja Forms – The Contact Form Builder

An administrator-level user can inject HTML or JavaScript into a Ninja Forms field label; the payload is stored and executes when other administrators view the form settings panel. Affects Ninja Forms versions up to 3.8.16, fixed in 3.8.18.

This vulnerability affects the following application versions:

Ninja Forms – The Contact Form Builder 3.6.34
Ninja Forms – The Contact Form Builder 3.6.34.1
Ninja Forms – The Contact Form Builder 3.7.3
Ninja Forms – The Contact Form Builder 3.7.3.1
Ninja Forms – The Contact Form Builder 3.8.0
Ninja Forms – The Contact Form Builder 3.8.1
Ninja Forms – The Contact Form Builder 3.8.2
Ninja Forms – The Contact Form Builder 3.8.3
Ninja Forms – The Contact Form Builder 3.8.4
Ninja Forms – The Contact Form Builder 3.8.5
Ninja Forms – The Contact Form Builder 3.8.6
Ninja Forms – The Contact Form Builder 3.8.7
Ninja Forms – The Contact Form Builder 3.8.8
Ninja Forms – The Contact Form Builder 3.8.9
Ninja Forms – The Contact Form Builder 3.8.10
Ninja Forms – The Contact Form Builder 3.8.11
Ninja Forms – The Contact Form Builder 3.8.12
Ninja Forms – The Contact Form Builder 3.8.13
Ninja Forms – The Contact Form Builder 3.8.14
Ninja Forms – The Contact Form Builder 3.8.15
Ninja Forms – The Contact Form Builder 3.8.16
Ninja Forms – The Contact Form Builder 3.8.17

CSRF Logout via customer-logout Endpoint

Skrevet den 12. maj 2026 af i WooCommerce

WooCommerce versions prior to 9.3.0 are affected by a Cross-Site Request Forgery vulnerability in the customer-logout endpoint. An unauthenticated attacker can force a logged-in user to be logged out by directing them to /my-account/customer-logout/, which processed the logout without verifying a nonce. Additionally, navigation menu logout links in both classic and block themes were rendered without nonces, providing ready-made CSRF targets. The fix in wc_template_redirect() now strictly requires a valid customer-logout nonce via wp_verify_nonce() before calling wp_logout(), falling back to a confirmation prompt when the nonce is missing, and the wc_nav_menu_items() and new wc_nav_menu_inner_blocks() functions inject nonces into all logout links automatically.

This vulnerability affects the following application versions:

WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4
WooCommerce 3.5.5
WooCommerce 3.5.6
WooCommerce 3.5.7
WooCommerce 3.5.8
WooCommerce 3.5.9
WooCommerce 3.5.10
WooCommerce 3.6.0
WooCommerce 3.6.0-beta.1
WooCommerce 3.6.0-rc.1
WooCommerce 3.6.0-rc.2
WooCommerce 3.6.0-rc.3
WooCommerce 3.6.1
WooCommerce 3.6.2
WooCommerce 3.6.3
WooCommerce 3.6.4
WooCommerce 3.6.5
WooCommerce 3.6.6
WooCommerce 3.6.7
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7.0-rc.1
WooCommerce 3.7.0-rc.2
WooCommerce 3.7.1
WooCommerce 3.7.2
WooCommerce 3.7.3
WooCommerce 3.8.0
WooCommerce 3.8.0-beta.1
WooCommerce 3.8.0-rc.1
WooCommerce 3.8.0-rc.2
WooCommerce 3.8.1
WooCommerce 3.8.2
WooCommerce 3.8.3
WooCommerce 3.9.0
WooCommerce 3.9.0-beta.1
WooCommerce 3.9.0-beta.2
WooCommerce 3.9.0-rc.1
WooCommerce 3.9.0-rc.2
WooCommerce 3.9.0-rc.3
WooCommerce 3.9.0-rc.4
WooCommerce 3.9.1
WooCommerce 3.9.2
WooCommerce 3.9.3
WooCommerce 3.9.4
WooCommerce 3.9.5
WooCommerce 4.0.0
WooCommerce 4.0.0-beta.1
WooCommerce 4.0.0-rc.1
WooCommerce 4.0.0-rc.2
WooCommerce 4.0.1
WooCommerce 4.0.2
WooCommerce 4.0.3
WooCommerce 4.0.4
WooCommerce 4.1.0
WooCommerce 4.1.0-beta.1
WooCommerce 4.1.0-beta.2
WooCommerce 4.1.0-rc.1
WooCommerce 4.1.0-rc.2
WooCommerce 4.1.0-rc.3
WooCommerce 4.1.1
WooCommerce 4.1.2
WooCommerce 4.1.2.1
WooCommerce 4.1.3
WooCommerce 4.1.4
WooCommerce 4.2.0
WooCommerce 4.2.0-beta.1
WooCommerce 4.2.0-RC.1
WooCommerce 4.2.0-RC.2
WooCommerce 4.2.1
WooCommerce 4.2.2
WooCommerce 4.2.3
WooCommerce 4.2.3.1
WooCommerce 4.2.4
WooCommerce 4.2.5
WooCommerce 4.3.0
WooCommerce 4.3.0-beta.1
WooCommerce 4.3.0-rc.1
WooCommerce 4.3.0-rc.2
WooCommerce 4.3.0-rc.3
WooCommerce 4.3.1
WooCommerce 4.3.2
WooCommerce 4.3.3
WooCommerce 4.3.4
WooCommerce 4.3.4.1
WooCommerce 4.3.5
WooCommerce 4.3.6
WooCommerce 4.4.0
WooCommerce 4.4.0-beta.1
WooCommerce 4.4.0-rc.1
WooCommerce 4.4.1
WooCommerce 4.4.2
WooCommerce 4.4.2.1
WooCommerce 4.4.3
WooCommerce 4.4.4
WooCommerce 4.5.0
WooCommerce 4.5.0-beta.1
WooCommerce 4.5.0-rc.1
WooCommerce 4.5.0-rc.2
WooCommerce 4.5.0-rc.3
WooCommerce 4.5.1
WooCommerce 4.5.2
WooCommerce 4.5.3
WooCommerce 4.5.3.1
WooCommerce 4.5.4
WooCommerce 4.5.5
WooCommerce 4.6.0
WooCommerce 4.6.0-beta.1
WooCommerce 4.6.0-rc.1
WooCommerce 4.6.1
WooCommerce 4.6.2
WooCommerce 4.6.3
WooCommerce 4.6.3.1
WooCommerce 4.6.4
WooCommerce 4.6.5
WooCommerce 4.7.0
WooCommerce 4.7.0-beta.1
WooCommerce 4.7.0-beta.2
WooCommerce 4.7.0-rc.1
WooCommerce 4.7.1
WooCommerce 4.7.1-beta.1
WooCommerce 4.7.2
WooCommerce 4.7.3
WooCommerce 4.7.4
WooCommerce 4.8.0
WooCommerce 4.8.0-beta.1
WooCommerce 4.8.0-rc.1
WooCommerce 4.8.0-rc.2
WooCommerce 4.8.1
WooCommerce 4.8.2
WooCommerce 4.8.3
WooCommerce 4.9.0
WooCommerce 4.9.0-beta.1
WooCommerce 4.9.0-rc.1
WooCommerce 4.9.0-rc.2
WooCommerce 4.9.1
WooCommerce 4.9.2
WooCommerce 4.9.3
WooCommerce 4.9.4
WooCommerce 4.9.5
WooCommerce 5.0.0
WooCommerce 5.0.0-beta.1
WooCommerce 5.0.0-beta.2
WooCommerce 5.0.0-rc.1
WooCommerce 5.0.0-rc.2
WooCommerce 5.0.0-rc.3
WooCommerce 5.0.1
WooCommerce 5.0.2
WooCommerce 5.0.3
WooCommerce 5.1.0
WooCommerce 5.1.0-beta.1
WooCommerce 5.1.0-rc.1
WooCommerce 5.1.1
WooCommerce 5.1.2
WooCommerce 5.1.3
WooCommerce 5.2.0
WooCommerce 5.2.0-beta.1
WooCommerce 5.2.0-rc.1
WooCommerce 5.2.0-rc.2
WooCommerce 5.2.1
WooCommerce 5.2.2
WooCommerce 5.2.3
WooCommerce 5.2.4
WooCommerce 5.2.5
WooCommerce 5.3.0
WooCommerce 5.3.0-beta.1
WooCommerce 5.3.0-rc.1
WooCommerce 5.3.0-rc.2
WooCommerce 5.3.1
WooCommerce 5.3.2
WooCommerce 5.3.3
WooCommerce 5.4.0
WooCommerce 5.4.0-beta.1
WooCommerce 5.4.0-rc.1
WooCommerce 5.4.1
WooCommerce 5.4.2
WooCommerce 5.4.3
WooCommerce 5.4.4
WooCommerce 5.4.5
WooCommerce 5.5.0
WooCommerce 5.5.0-beta.1
WooCommerce 5.5.0-rc.1
WooCommerce 5.5.0-rc.2
WooCommerce 5.5.1
WooCommerce 5.5.2
WooCommerce 5.5.3
WooCommerce 5.5.4
WooCommerce 5.5.5
WooCommerce 5.6.0
WooCommerce 5.6.0-beta.1
WooCommerce 5.6.0-rc.1
WooCommerce 5.6.0-rc.2
WooCommerce 5.6.1
WooCommerce 5.6.2
WooCommerce 5.6.3
WooCommerce 5.7.0
WooCommerce 5.7.0-beta.1
WooCommerce 5.7.0-rc.1
WooCommerce 5.7.0-rc.2
WooCommerce 5.7.1
WooCommerce 5.7.2
WooCommerce 5.7.3
WooCommerce 5.8.0
WooCommerce 5.8.0-beta.1
WooCommerce 5.8.0-beta.2
WooCommerce 5.8.0-rc.1
WooCommerce 5.8.1
WooCommerce 5.8.2
WooCommerce 5.9.0
WooCommerce 5.9.0-beta.1
WooCommerce 5.9.0-rc.1
WooCommerce 5.9.0-RC.1
WooCommerce 5.9.0-rc.2
WooCommerce 5.9.1
WooCommerce 5.9.2
WooCommerce 6.0.0
WooCommerce 6.0.0-beta.1
WooCommerce 6.0.0-rc.1
WooCommerce 6.0.1
WooCommerce 6.0.2
WooCommerce 6.1.0
WooCommerce 6.1.0-beta.1
WooCommerce 6.1.0-rc.1
WooCommerce 6.1.0-rc.2
WooCommerce 6.1.1
WooCommerce 6.1.2
WooCommerce 6.1.3
WooCommerce 6.2.0
WooCommerce 6.2.0-beta.1
WooCommerce 6.2.0-rc.1
WooCommerce 6.2.0-rc.2
WooCommerce 6.2.1
WooCommerce 6.2.2
WooCommerce 6.2.3
WooCommerce 6.3.0
WooCommerce 6.3.0-beta.1
WooCommerce 6.3.0-rc.1
WooCommerce 6.3.0-rc.2
WooCommerce 6.3.1
WooCommerce 6.3.2
WooCommerce 6.4.0
WooCommerce 6.4.0-beta.1
WooCommerce 6.4.0-rc.1
WooCommerce 6.4.1
WooCommerce 6.4.2
WooCommerce 6.5.0
WooCommerce 6.5.0-beta.1
WooCommerce 6.5.0-rc.1
WooCommerce 6.5.0-rc.2
WooCommerce 6.5.1
WooCommerce 6.5.2
WooCommerce 6.6.0
WooCommerce 6.6.0-beta.1
WooCommerce 6.6.0-rc.1
WooCommerce 6.6.0-rc.2
WooCommerce 6.6.1
WooCommerce 6.6.2
WooCommerce 6.7.0
WooCommerce 6.7.0-beta.1
WooCommerce 6.7.0-beta.2
WooCommerce 6.7.0-rc.1
WooCommerce 6.7.1
WooCommerce 6.8.0
WooCommerce 6.8.0-beta.1
WooCommerce 6.8.0-beta.2
WooCommerce 6.8.0-rc.1
WooCommerce 6.8.1
WooCommerce 6.8.2
WooCommerce 6.8.3
WooCommerce 6.9.0
WooCommerce 6.9.0-beta.1
WooCommerce 6.9.0-beta.2
WooCommerce 6.9.0-rc.1
WooCommerce 6.9.1
WooCommerce 6.9.2
WooCommerce 6.9.3
WooCommerce 6.9.4
WooCommerce 6.9.5
WooCommerce 7.0.0
WooCommerce 7.0.0-beta.1
WooCommerce 7.0.0-beta.2
WooCommerce 7.0.0-beta.3
WooCommerce 7.0.0-rc.1
WooCommerce 7.0.0-rc.2
WooCommerce 7.0.1
WooCommerce 7.0.2
WooCommerce 7.1.0
WooCommerce 7.1.0-beta.1
WooCommerce 7.1.0-beta.2
WooCommerce 7.1.0-rc.1
WooCommerce 7.1.0-rc.2
WooCommerce 7.1.1
WooCommerce 7.1.2
WooCommerce 7.2.0
WooCommerce 7.2.0-beta.1
WooCommerce 7.2.0-beta.2
WooCommerce 7.2.0-rc.1
WooCommerce 7.2.0-rc.2
WooCommerce 7.2.1
WooCommerce 7.2.2
WooCommerce 7.2.3
WooCommerce 7.2.4
WooCommerce 7.3.0
WooCommerce 7.3.0-beta.1
WooCommerce 7.3.0-beta.2
WooCommerce 7.3.0-rc.1
WooCommerce 7.3.0-rc.2
WooCommerce 7.3.1
WooCommerce 7.4.0
WooCommerce 7.4.0-beta.1
WooCommerce 7.4.0-beta.2
WooCommerce 7.4.0-rc.1
WooCommerce 7.4.0-rc.2
WooCommerce 7.4.1
WooCommerce 7.4.2
WooCommerce 7.5.0
WooCommerce 7.5.0-beta.1
WooCommerce 7.5.0-beta.2
WooCommerce 7.5.0-rc.1
WooCommerce 7.5.1
WooCommerce 7.5.2
WooCommerce 7.6.0
WooCommerce 7.6.0-beta.1
WooCommerce 7.6.0-beta.2
WooCommerce 7.6.0-rc.1
WooCommerce 7.6.0-rc.2
WooCommerce 7.6.0-rc.3
WooCommerce 7.6.1
WooCommerce 7.6.2
WooCommerce 7.7.0
WooCommerce 7.7.0-beta.1
WooCommerce 7.7.0-beta.2
WooCommerce 7.7.0-rc.1
WooCommerce 7.7.1
WooCommerce 7.7.2
WooCommerce 7.7.3
WooCommerce 7.8.0
WooCommerce 7.8.0-beta.1
WooCommerce 7.8.0-beta.2
WooCommerce 7.8.0-rc.1
WooCommerce 7.8.0-rc.2
WooCommerce 7.8.1
WooCommerce 7.8.2
WooCommerce 7.8.3
WooCommerce 7.8.4
WooCommerce 7.9.0
WooCommerce 7.9.0-beta.1
WooCommerce 7.9.0-beta.2
WooCommerce 7.9.0-rc.2
WooCommerce 7.9.0-rc.3
WooCommerce 7.9.1
WooCommerce 7.9.2
WooCommerce 8.0.0
WooCommerce 8.0.0-beta.1
WooCommerce 8.0.0-beta.2
WooCommerce 8.0.0-rc.1
WooCommerce 8.0.0-rc.2
WooCommerce 8.0.1
WooCommerce 8.0.2
WooCommerce 8.0.3
WooCommerce 8.0.4
WooCommerce 8.0.5
WooCommerce 8.1.0
WooCommerce 8.1.0-a.3
WooCommerce 8.1.0-a.4
WooCommerce 8.1.0-a.5
WooCommerce 8.1.0-beta.1
WooCommerce 8.1.0-rc.1
WooCommerce 8.1.0-rc.2
WooCommerce 8.1.1
WooCommerce 8.1.2
WooCommerce 8.1.3
WooCommerce 8.1.4
WooCommerce 8.2.0
WooCommerce 8.2.0-a.1
WooCommerce 8.2.0-beta.1
WooCommerce 8.2.0-rc.1
WooCommerce 8.2.0-rc.2
WooCommerce 8.2.1
WooCommerce 8.2.2
WooCommerce 8.2.3
WooCommerce 8.2.4
WooCommerce 8.2.5
WooCommerce 8.3.0
WooCommerce 8.3.0-beta.1
WooCommerce 8.3.0-rc.1
WooCommerce 8.3.0-rc.2
WooCommerce 8.3.1
WooCommerce 8.3.2
WooCommerce 8.3.3
WooCommerce 8.3.4
WooCommerce 8.4.0
WooCommerce 8.4.0-beta.1
WooCommerce 8.4.0-rc.1
WooCommerce 8.4.1
WooCommerce 8.4.2
WooCommerce 8.4.3
WooCommerce 8.5.0
WooCommerce 8.5.0-beta.1
WooCommerce 8.5.0-rc.1
WooCommerce 8.5.1
WooCommerce 8.5.2
WooCommerce 8.5.3
WooCommerce 8.5.4
WooCommerce 8.5.5
WooCommerce 8.6.0
WooCommerce 8.6.0-beta.1
WooCommerce 8.6.0-rc.1
WooCommerce 8.6.1
WooCommerce 8.6.2
WooCommerce 8.6.3
WooCommerce 8.6.4
WooCommerce 8.7.0
WooCommerce 8.7.0-beta.1
WooCommerce 8.7.0-beta.2
WooCommerce 8.7.0-rc.1
WooCommerce 8.7.1
WooCommerce 8.7.2
WooCommerce 8.7.3
WooCommerce 8.8.0
WooCommerce 8.8.0-beta.1
WooCommerce 8.8.0-rc.1
WooCommerce 8.8.1
WooCommerce 8.8.2
WooCommerce 8.8.3
WooCommerce 8.8.4
WooCommerce 8.8.5
WooCommerce 8.8.6
WooCommerce 8.8.7
WooCommerce 8.9.0
WooCommerce 8.9.0-beta.1
WooCommerce 8.9.0-rc.1
WooCommerce 8.9.1
WooCommerce 8.9.2
WooCommerce 8.9.3
WooCommerce 8.9.4
WooCommerce 8.9.5
WooCommerce 9.0.0
WooCommerce 9.0.0-beta.1
WooCommerce 9.0.0-beta.2
WooCommerce 9.0.0-rc.1
WooCommerce 9.0.1
WooCommerce 9.0.2
WooCommerce 9.0.3
WooCommerce 9.0.4
WooCommerce 9.1.0
WooCommerce 9.1.0-beta.1
WooCommerce 9.1.0-rc.1
WooCommerce 9.1.1
WooCommerce 9.1.2
WooCommerce 9.1.3
WooCommerce 9.1.4
WooCommerce 9.1.5
WooCommerce 9.1.6
WooCommerce 9.2.0
WooCommerce 9.2.1
WooCommerce 9.2.2
WooCommerce 9.2.3
WooCommerce 9.2.4
WooCommerce 9.2.5
WooCommerce nightly

Improper use of validation framework

Skrevet den 12. maj 202624. maj 2026 af i PrestaShop

An improper use of the validation framework (CWE-1173) in PrestaShop allows an authenticated attacker with high privileges to bypass input validation checks in certain form fields, including customer private notes, order internal notes, feature values, and manufacturer data.

This vulnerability affects the following application versions:

PrestaShop 1.6.0.1
PrestaShop 1.6.0.1 alpha 1
PrestaShop 1.6.0.2
PrestaShop 1.6.0.2 alpha 2
PrestaShop 1.6.0.3
PrestaShop 1.6.0.3 beta 1
PrestaShop 1.6.0.4
PrestaShop 1.6.0.4 RC1
PrestaShop 1.6.0.5
PrestaShop 1.6.0.6
PrestaShop 1.6.0.7
PrestaShop 1.6.0.8
PrestaShop 1.6.0.9
PrestaShop 1.6.0.10
PrestaShop 1.6.0.11
PrestaShop 1.6.0.12
PrestaShop 1.6.0.13
PrestaShop 1.6.0.14
PrestaShop 1.6.1.0
PrestaShop 1.6.1.0 RC4
PrestaShop 1.6.1.0 RC5
PrestaShop 1.6.1.1
PrestaShop 1.6.1.1 RC1
PrestaShop 1.6.1.1 RC2
PrestaShop 1.6.1.2
PrestaShop 1.6.1.2 RC1
PrestaShop 1.6.1.2 RC2
PrestaShop 1.6.1.2 RC3
PrestaShop 1.6.1.2 RC4
PrestaShop 1.6.1.3
PrestaShop 1.6.1.3 RC1
PrestaShop 1.6.1.4
PrestaShop 1.6.1.5
PrestaShop 1.6.1.6
PrestaShop 1.6.1.7
PrestaShop 1.6.1.8
PrestaShop 1.6.1.9
PrestaShop 1.6.1.10
PrestaShop 1.6.1.11
PrestaShop 1.6.1.11 beta 1
PrestaShop 1.6.1.11-beta.1.0
PrestaShop 1.6.1.12
PrestaShop 1.6.1.13
PrestaShop 1.6.1.14
PrestaShop 1.6.1.15
PrestaShop 1.6.1.16
PrestaShop 1.6.1.17
PrestaShop 1.6.1.18
PrestaShop 1.6.1.19
PrestaShop 1.6.1.20
PrestaShop 1.6.1.21
PrestaShop 1.6.1.22
PrestaShop 1.6.1.23
PrestaShop 1.6.1.24
PrestaShop 1.7.0.0
PrestaShop 1.7.0.0 alpha3
PrestaShop 1.7.0.0 alpha4
PrestaShop 1.7.0.0 beta1
PrestaShop 1.7.0.0 beta2
PrestaShop 1.7.0.0 beta3
PrestaShop 1.7.0.0 RC0
PrestaShop 1.7.0.0 RC1
PrestaShop 1.7.0.0 RC2
PrestaShop 1.7.0.0 RC3
PrestaShop 1.7.0.1
PrestaShop 1.7.0.2
PrestaShop 1.7.0.3
PrestaShop 1.7.0.4
PrestaShop 1.7.0.5
PrestaShop 1.7.0.6
PrestaShop 1.7.1.0
PrestaShop 1.7.1.0 beta1
PrestaShop 1.7.1.1
PrestaShop 1.7.1.2
PrestaShop 1.7.2.0
PrestaShop 1.7.2.0 RC 1
PrestaShop 1.7.2.0-RC.1.0
PrestaShop 1.7.2.1
PrestaShop 1.7.2.2
PrestaShop 1.7.2.3
PrestaShop 1.7.2.4
PrestaShop 1.7.2.5
PrestaShop 1.7.3.0
PrestaShop 1.7.3.0 beta 1
PrestaShop 1.7.3.0 RC 1
PrestaShop 1.7.3.1
PrestaShop 1.7.3.2
PrestaShop 1.7.3.3
PrestaShop 1.7.3.4
PrestaShop 1.7.4.0
PrestaShop 1.7.4.0 beta 1
PrestaShop 1.7.4.1
PrestaShop 1.7.4.2
PrestaShop 1.7.4.3
PrestaShop 1.7.4.4
PrestaShop 1.7.5.0
PrestaShop 1.7.5.0 beta 1
PrestaShop 1.7.5.0-beta.1
PrestaShop 1.7.5.0 RC 1
PrestaShop 1.7.5.0-RC.1
PrestaShop 1.7.5.1
PrestaShop 1.7.5.2
PrestaShop 1.7.6.0
PrestaShop 1.7.6.0 beta 1
PrestaShop 1.7.6.0 RC 1
PrestaShop 1.7.6.0 RC 2
PrestaShop 1.7.6.0-beta.1
PrestaShop 1.7.6.0-RC.1
PrestaShop 1.7.6.0-RC.2
PrestaShop 1.7.6.1
PrestaShop 1.7.6.2
PrestaShop 1.7.6.3
PrestaShop 1.7.6.4
PrestaShop 1.7.6.4 1
PrestaShop 1.7.6.5
PrestaShop 1.7.6.5 1
PrestaShop 1.7.6.6
PrestaShop 1.7.6.7
PrestaShop 1.7.6.8
PrestaShop 1.7.6.9
PrestaShop 1.7.7.0
PrestaShop 1.7.7.0 beta 1
PrestaShop 1.7.7.0 beta 2
PrestaShop 1.7.7.0 RC 1
PrestaShop 1.7.7.0-beta.1
PrestaShop 1.7.7.0-beta.2
PrestaShop 1.7.7.0-RC.1
PrestaShop 1.7.7.1
PrestaShop 1.7.7.2
PrestaShop 1.7.7.3
PrestaShop 1.7.7.4
PrestaShop 1.7.7.5
PrestaShop 1.7.7.6
PrestaShop 1.7.7.7
PrestaShop 1.7.7.8
PrestaShop 1.7.7.8 1
PrestaShop 1.7.8.0
PrestaShop 1.7.8.0 beta 1
PrestaShop 1.7.8.0 1
PrestaShop 1.7.8.0 RC 1
PrestaShop 1.7.8.0-beta.1
PrestaShop 1.7.8.0-RC.1
PrestaShop 1.7.8.1
PrestaShop 1.7.8.10
PrestaShop 1.7.8.11
PrestaShop 1.7.8.2
PrestaShop 1.7.8.2 1
PrestaShop 1.7.8.3
PrestaShop 1.7.8.4
PrestaShop 1.7.8.5
PrestaShop 1.7.8.6
PrestaShop 1.7.8.7
PrestaShop 1.7.8.7 1
PrestaShop 1.7.8.8
PrestaShop 1.7.8.9
PrestaShop 8.0.0
PrestaShop 8.0.1
PrestaShop 8.0.2
PrestaShop 8.0.3
PrestaShop 8.0.4
PrestaShop 8.0.5
PrestaShop 8.1.0
PrestaShop 8.1.1
PrestaShop 8.1.2
PrestaShop 8.1.3
PrestaShop 8.1.4
PrestaShop 8.1.5
PrestaShop 8.1.6
PrestaShop 8.1.7
PrestaShop 8.2.0
PrestaShop 8.2.1
PrestaShop 8.2.2
PrestaShop 8.2.3
PrestaShop 8.2.4
PrestaShop 9.0.0
PrestaShop 9.0.0-1.0
PrestaShop 9.0.0-1.0-beta.1
PrestaShop 9.0.0-1.0-RC.1
PrestaShop 9.0.1
PrestaShop 9.0.1-1.0
PrestaShop 9.0.2
PrestaShop 9.0.2-2.0
PrestaShop 9.0.2-2.1
PrestaShop 9.0.3
PrestaShop 9.0.3-3.0
PrestaShop 9.1.0-3.0-beta.1
PrestaShop show

Insufficient permission check in two factor profile settings

Skrevet den 12. maj 2026 af i Really Simple SSL

The two-factor profile settings handler in Really Simple SSL applies 2FA profile changes to the WP_User passed via the request without verifying that it matches the currently authenticated user. An authenticated user could therefore modify another user’s two-factor authentication settings (disable 2FA, reset backup codes, change the configured method), which can be used as a stepping stone for account takeover.

This vulnerability affects the following application versions:

Really Simple SSL 9.0.0
Really Simple SSL 9.0.2
Really Simple SSL 9.1.0
Really Simple SSL 9.1.1
Really Simple SSL 9.1.1.1
Really Simple SSL 9.1.2

Authorization bypass in User field AJAX query handler

Skrevet den 12. maj 2026 af i Advanced Custom Fields (ACF)

The acf/fields/user/query AJAX endpoint inherited unfiltered request parameters into WP_User_Query args, so a user with access to the field UI could override the field’s configured role restriction (role__in) and search across privileged user-meta columns including user_email.

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 5.8.9
Advanced Custom Fields (ACF) 5.8.10
Advanced Custom Fields (ACF) 5.8.11
Advanced Custom Fields (ACF) 5.8.12
Advanced Custom Fields (ACF) 5.8.13
Advanced Custom Fields (ACF) 5.8.14
Advanced Custom Fields (ACF) 5.9.0
Advanced Custom Fields (ACF) 5.9.1
Advanced Custom Fields (ACF) 5.9.2
Advanced Custom Fields (ACF) 5.9.3
Advanced Custom Fields (ACF) 5.9.4
Advanced Custom Fields (ACF) 5.9.5
Advanced Custom Fields (ACF) 5.9.6
Advanced Custom Fields (ACF) 5.9.7
Advanced Custom Fields (ACF) 5.9.8
Advanced Custom Fields (ACF) 5.9.9
Advanced Custom Fields (ACF) 5.10
Advanced Custom Fields (ACF) 5.10.1
Advanced Custom Fields (ACF) 5.10.2
Advanced Custom Fields (ACF) 5.11
Advanced Custom Fields (ACF) 5.11.1
Advanced Custom Fields (ACF) 5.11.2
Advanced Custom Fields (ACF) 5.11.3
Advanced Custom Fields (ACF) 5.11.4
Advanced Custom Fields (ACF) 5.12
Advanced Custom Fields (ACF) 5.12.1
Advanced Custom Fields (ACF) 5.12.2
Advanced Custom Fields (ACF) 5.12.3
Advanced Custom Fields (ACF) 5.12.4
Advanced Custom Fields (ACF) 5.12.5
Advanced Custom Fields (ACF) 5.12.6
Advanced Custom Fields (ACF) 6.0.0
Advanced Custom Fields (ACF) 6.0.1
Advanced Custom Fields (ACF) 6.0.2
Advanced Custom Fields (ACF) 6.0.3
Advanced Custom Fields (ACF) 6.0.4
Advanced Custom Fields (ACF) 6.0.5
Advanced Custom Fields (ACF) 6.0.6
Advanced Custom Fields (ACF) 6.0.7
Advanced Custom Fields (ACF) 6.1.0
Advanced Custom Fields (ACF) 6.1.1
Advanced Custom Fields (ACF) 6.1.2
Advanced Custom Fields (ACF) 6.1.3
Advanced Custom Fields (ACF) 6.1.4
Advanced Custom Fields (ACF) 6.1.5
Advanced Custom Fields (ACF) 6.1.6
Advanced Custom Fields (ACF) 6.1.7
Advanced Custom Fields (ACF) 6.1.8
Advanced Custom Fields (ACF) 6.2.0
Advanced Custom Fields (ACF) 6.2.1
Advanced Custom Fields (ACF) 6.2.2
Advanced Custom Fields (ACF) 6.2.3
Advanced Custom Fields (ACF) 6.2.4
Advanced Custom Fields (ACF) 6.2.5
Advanced Custom Fields (ACF) 6.2.6
Advanced Custom Fields (ACF) 6.2.6.1
Advanced Custom Fields (ACF) 6.2.7
Advanced Custom Fields (ACF) 6.2.8
Advanced Custom Fields (ACF) 6.2.9
Advanced Custom Fields (ACF) 6.3.0
Advanced Custom Fields (ACF) 6.3.1
Advanced Custom Fields (ACF) 6.3.2
Advanced Custom Fields (ACF) 6.3.3
Advanced Custom Fields (ACF) 6.3.4
Advanced Custom Fields (ACF) 6.3.5
Advanced Custom Fields (ACF) 6.3.6
Advanced Custom Fields (ACF) 6.3.6.1
Advanced Custom Fields (ACF) 6.3.6.2
Advanced Custom Fields (ACF) 6.3.6.3
Advanced Custom Fields (ACF) 6.3.9
Advanced Custom Fields (ACF) 6.3.10.2
Advanced Custom Fields (ACF) 6.3.11
Advanced Custom Fields (ACF) 6.3.12
Advanced Custom Fields (ACF) 6.4.0
Advanced Custom Fields (ACF) 6.4.0.1
Advanced Custom Fields (ACF) 6.4.1
Advanced Custom Fields (ACF) 6.4.2
Advanced Custom Fields (ACF) 6.4.3
Advanced Custom Fields (ACF) 6.5.0
Advanced Custom Fields (ACF) 6.5.1
Advanced Custom Fields (ACF) 6.6.0
Advanced Custom Fields (ACF) 6.6.1
Advanced Custom Fields (ACF) 6.6.2
Advanced Custom Fields (ACF) 6.7.0

IP Address Spoofing to Denial of Service

Skrevet den 29. april 2026 af i Solid Security

The Solid Security – Password, Two Factor Authentication, and Brute Force Protection plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 9.3.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to perform a denial of service attack.

This vulnerability affects the following application versions:

Solid Security 8.0.0
Solid Security 8.0.1
Solid Security 8.0.2
Solid Security 8.1.0
Solid Security 8.1.1
Solid Security 8.1.2
Solid Security 8.1.3
Solid Security 8.1.4
Solid Security 8.1.5
Solid Security 8.1.6
Solid Security 8.1.7
Solid Security 8.1.8
Solid Security 9.0.0
Solid Security 9.0.1
Solid Security 9.0.2
Solid Security 9.0.3
Solid Security 9.1.0
Solid Security 9.2.0
Solid Security 9.3.0
Solid Security 9.3.1

Stored XSS in admin forms

Skrevet den 29. april 2026 af i Magento

Fixes a stored XSS vulnerability in admin forms. A low-privileged attacker could inject malicious JavaScript through form fields – specifically the newsletter template preview and bundle/downloadable item renderers on admin invoice, credit memo, shipment, and order pages – which would execute when another admin user viewed the affected page, potentially leading to privilege escalation or sensitive data disclosure. The patch adds malicious-code filtering to the newsletter preview, tightens the preview iframe sandbox attribute, and switches output escaping to the injected Escaper service in the affected templates.

This vulnerability affects the following application versions:

Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.4-p12
Magento 2.4.4-p13
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.5-p11
Magento 2.4.5-p12
Magento 2.4.5-p13
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.6-p9
Magento 2.4.6-p10
Magento 2.4.6-p11
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.7-p4
Magento 2.4.7-p5
Magento 2.4.7-p6
Magento 2.4.8
Magento 2.4.8-beta1
Magento 2.4.8-beta2
Magento 2.4.8-p1
Magento 2.4.9-alpha1

[20260306] – Core – Improper access check in webservice endpoints

Skrevet den 7. april 2026 af i Joomla

An improper access check allows unauthorized access to webservice endpoints.

This vulnerability affects the following application versions:

Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 4.4.13
Joomla 4.4.14
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5
Joomla 5.2.6
Joomla 5.3.0
Joomla 5.3.1
Joomla 5.3.2
Joomla 5.3.3
Joomla 5.3.4
Joomla 5.4.0
Joomla 5.4.1
Joomla 5.4.2
Joomla 5.4.3
Joomla 6.0.0
Joomla 6.0.1
Joomla 6.0.2
Joomla 6.0.3

[20260304] – Core – XSS vectors in various article title outputs

Skrevet den 7. april 2026 af i Joomla

Lack of output escaping for article titles leads to XSS vectors in various locations.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5
Joomla 3.9.6
Joomla 3.9.7
Joomla 3.9.8
Joomla 3.9.9
Joomla 3.9.10
Joomla 3.9.11
Joomla 3.9.12
Joomla 3.9.13
Joomla 3.9.14
Joomla 3.9.15
Joomla 3.9.16
Joomla 3.9.17
Joomla 3.9.18
Joomla 3.9.19
Joomla 3.9.20
Joomla 3.9.21
Joomla 3.9.22
Joomla 3.9.23
Joomla 3.9.24
Joomla 3.9.25
Joomla 3.9.26
Joomla 3.9.27
Joomla 3.9.28
Joomla 3.10.0
Joomla 3.10.1
Joomla 3.10.2
Joomla 3.10.3
Joomla 3.10.4
Joomla 3.10.5
Joomla 3.10.6
Joomla 3.10.7
Joomla 3.10.8
Joomla 3.10.9
Joomla 3.10.10
Joomla 3.10.11
Joomla 3.10.12
Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 4.4.13
Joomla 4.4.14
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5
Joomla 5.2.6
Joomla 5.3.0
Joomla 5.3.1
Joomla 5.3.2
Joomla 5.3.3
Joomla 5.3.4
Joomla 5.4.0
Joomla 5.4.1
Joomla 5.4.2
Joomla 5.4.3
Joomla 6.0.0
Joomla 6.0.1
Joomla 6.0.2
Joomla 6.0.3

[20260303] – XSS vector in com_associations comparison view

Skrevet den 7. april 2026 af i Joomla

Lack of output escaping leads to a XSS vector in the multilingual associations component

Versions: 4.0.0-5.4.3, 6.0.0-6.0.3

Exploit type: XSS

Reported Date: 2026-03-11

Fixed Date: 2026-03-31

CVE Number: CVE-2026-21631

This vulnerability affects the following application versions:

Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 4.4.13
Joomla 4.4.14
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5
Joomla 5.2.6
Joomla 5.3.0
Joomla 5.3.1
Joomla 5.3.2
Joomla 5.3.3
Joomla 5.3.4
Joomla 5.4.0
Joomla 5.4.1
Joomla 5.4.2
Joomla 5.4.3
Joomla 6.0.0
Joomla 6.0.1
Joomla 6.0.2
Joomla 6.0.3

[20260302] – Core – SQL injection in com_content articles webservice endpoint

Skrevet den 7. april 2026 af i Joomla

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.

Affected Installs

This vulnerability affects the following application versions:

Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 4.4.13
Joomla 4.4.14
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5
Joomla 5.2.6
Joomla 5.3.0
Joomla 5.3.1
Joomla 5.3.2
Joomla 5.3.3
Joomla 5.3.4
Joomla 5.4.0
Joomla 5.4.1
Joomla 5.4.2
Joomla 5.4.3
Joomla 6.0.0
Joomla 6.0.1
Joomla 6.0.2
Joomla 6.0.3

[20260305] – Arbitrary file deletion in com_joomlaupdate

Skrevet den 7. april 2026 af i Joomla

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.

This vulnerability affects the following application versions:

Joomla 5.4.0
Joomla 5.4.1
Joomla 5.4.2
Joomla 5.4.3
Joomla 6.0.0
Joomla 6.0.1
Joomla 6.0.2
Joomla 6.0.3

Incorrect Access Control in com_ajax

Skrevet den 7. april 2026 af i Joomla

An incorrect access control vulnerability allows unauthenticated access to AJAX handlers in the administrative area. The com_ajax component was excluded from the default logged-in-user check, potentially allowing attackers to invoke backend AJAX endpoints without authentication.

This vulnerability affects the following application versions:

Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 4.4.13
Joomla 4.4.14
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5
Joomla 5.2.6
Joomla 5.3.0
Joomla 5.3.1
Joomla 5.3.2
Joomla 5.3.3
Joomla 5.3.4
Joomla 5.4.0
Joomla 5.4.1
Joomla 5.4.2
Joomla 5.4.3
Joomla 6.0.0
Joomla 6.0.1
Joomla 6.0.2
Joomla 6.0.3

Improper output escaping of widget identifiers across multiple widgets

Skrevet den 1. april 2026 af i Essential Addons for Elementor

Widget IDs rendered without context-appropriate escaping in HTML attributes, inline JavaScript, and inline CSS across six Essential Addons elements, exposing potential stored XSS vectors through unescaped dynamic output in the DOM.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.2.3
Essential Addons for Elementor 4.2.4
Essential Addons for Elementor 4.3.0
Essential Addons for Elementor 4.3.1
Essential Addons for Elementor 4.3.2
Essential Addons for Elementor 4.3.3
Essential Addons for Elementor 4.3.4
Essential Addons for Elementor 4.3.5
Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19

Improved code security enforcement

Skrevet den 1. april 2026 af i Elementor Website Builder

Patched stored XSS vulnerabilities in the REST API request handling and Lightbox component, and fixed a missing authorization check in AI image uploads. Users without the unfiltered_html capability could previously inject malicious scripts via Elementor post data or crafted lightbox content. All three issues are resolved by enforcing proper input sanitization and permission verification.

This vulnerability affects the following application versions:

Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.25.11
Elementor Website Builder 3.26.0
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-beta4
Elementor Website Builder 3.26.0-beta5
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3
Elementor Website Builder 3.26.0-dev4
Elementor Website Builder 3.26.0-dev5
Elementor Website Builder 3.26.1
Elementor Website Builder 3.26.2
Elementor Website Builder 3.26.3
Elementor Website Builder 3.26.4
Elementor Website Builder 3.26.5
Elementor Website Builder 3.27.0
Elementor Website Builder 3.27.0-beta1
Elementor Website Builder 3.27.0-beta2
Elementor Website Builder 3.27.0-dev1
Elementor Website Builder 3.27.0-dev2
Elementor Website Builder 3.27.1
Elementor Website Builder 3.27.2
Elementor Website Builder 3.27.3
Elementor Website Builder 3.27.4
Elementor Website Builder 3.27.5
Elementor Website Builder 3.27.6
Elementor Website Builder 3.27.7
Elementor Website Builder 3.28.0
Elementor Website Builder 3.28.0-beta1
Elementor Website Builder 3.28.0-beta2
Elementor Website Builder 3.28.0-beta3
Elementor Website Builder 3.28.0-dev1
Elementor Website Builder 3.28.0-dev2
Elementor Website Builder 3.28.0-dev3
Elementor Website Builder 3.28.1
Elementor Website Builder 3.28.2
Elementor Website Builder 3.28.3
Elementor Website Builder 3.28.4
Elementor Website Builder 3.29.0
Elementor Website Builder 3.29.0-beta1
Elementor Website Builder 3.29.0-beta2
Elementor Website Builder 3.29.0-beta3
Elementor Website Builder 3.29.0-beta4
Elementor Website Builder 3.29.0-dev1
Elementor Website Builder 3.29.0-dev2
Elementor Website Builder 3.29.0-dev3
Elementor Website Builder 3.29.0-dev4
Elementor Website Builder 3.29.1
Elementor Website Builder 3.29.2
Elementor Website Builder 3.30.0
Elementor Website Builder 3.30.0-beta1
Elementor Website Builder 3.30.0-beta2
Elementor Website Builder 3.30.0-beta3
Elementor Website Builder 3.30.0-dev1
Elementor Website Builder 3.30.0-dev2
Elementor Website Builder 3.30.0-dev3
Elementor Website Builder 3.30.1
Elementor Website Builder 3.30.2
Elementor Website Builder 3.30.3
Elementor Website Builder 3.30.4
Elementor Website Builder 3.31.0
Elementor Website Builder 3.31.0-beta1
Elementor Website Builder 3.31.0-beta2
Elementor Website Builder 3.31.0-dev1
Elementor Website Builder 3.31.0-dev2
Elementor Website Builder 3.31.1
Elementor Website Builder 3.31.2
Elementor Website Builder 3.31.3
Elementor Website Builder 3.31.4
Elementor Website Builder 3.31.5
Elementor Website Builder 3.32.0
Elementor Website Builder 3.32.0-beta1
Elementor Website Builder 3.32.0-beta2
Elementor Website Builder 3.32.0-beta3
Elementor Website Builder 3.32.0-dev1
Elementor Website Builder 3.32.0-dev2
Elementor Website Builder 3.32.0-dev3
Elementor Website Builder 3.32.1
Elementor Website Builder 3.32.2
Elementor Website Builder 3.32.3
Elementor Website Builder 3.32.4
Elementor Website Builder 3.32.5
Elementor Website Builder 3.33.0
Elementor Website Builder 3.33.0-beta1
Elementor Website Builder 3.33.0-beta2
Elementor Website Builder 3.33.0-beta3
Elementor Website Builder 3.33.0-beta4
Elementor Website Builder 3.33.0-dev1
Elementor Website Builder 3.33.0-dev2
Elementor Website Builder 3.33.0-dev3
Elementor Website Builder 3.33.0-dev4
Elementor Website Builder 3.33.1
Elementor Website Builder 3.33.2
Elementor Website Builder 3.33.3
Elementor Website Builder 3.33.4
Elementor Website Builder 3.33.5
Elementor Website Builder 3.33.6
Elementor Website Builder 3.34.0
Elementor Website Builder 3.34.0-beta1
Elementor Website Builder 3.34.0-beta2
Elementor Website Builder 3.34.0-beta3
Elementor Website Builder 3.34.0-dev1
Elementor Website Builder 3.34.0-dev2
Elementor Website Builder 3.34.1
Elementor Website Builder 3.34.2
Elementor Website Builder 3.34.3
Elementor Website Builder 3.34.4
Elementor Website Builder 3.35.0
Elementor Website Builder 3.35.0-beta1
Elementor Website Builder 3.35.0-beta2
Elementor Website Builder 3.35.0-beta3
Elementor Website Builder 3.35.0-beta4
Elementor Website Builder 3.35.0-dev1
Elementor Website Builder 3.35.0-dev2
Elementor Website Builder 3.35.0-dev3
Elementor Website Builder 3.35.0-dev4
Elementor Website Builder 3.35.1
Elementor Website Builder 3.35.2
Elementor Website Builder 3.35.3
Elementor Website Builder 3.35.4
Elementor Website Builder 3.35.5

Cross-Site Scripting (XSS) in UpdraftPlus

Skrevet den 1. april 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

A cross-site scripting (XSS) vulnerability was discovered in UpdraftPlus versions prior to 1.24.9. This vulnerability allows an attacker to inject malicious scripts through improperly sanitized input, potentially leading to session hijacking, data theft, or other malicious actions.

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7

Cross-Site Request Forgery in debug view

Skrevet den 1. april 2026 af i Website Builder by SeedProd

Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.

This vulnerability affects the following application versions:

Website Builder by SeedProd 6.0.8
Website Builder by SeedProd 6.0.8.1
Website Builder by SeedProd 6.0.8.2
Website Builder by SeedProd 6.0.8.3
Website Builder by SeedProd 6.0.8.4
Website Builder by SeedProd 6.0.8.5
Website Builder by SeedProd 6.0.9.0
Website Builder by SeedProd 6.0.10.1
Website Builder by SeedProd 6.0.11.1
Website Builder by SeedProd 6.2.0
Website Builder by SeedProd 6.2.1
Website Builder by SeedProd 6.2.2
Website Builder by SeedProd 6.2.3
Website Builder by SeedProd 6.2.4
Website Builder by SeedProd 6.2.5
Website Builder by SeedProd 6.6.0
Website Builder by SeedProd 6.9.0.8
Website Builder by SeedProd 6.10.0
Website Builder by SeedProd 6.12.0
Website Builder by SeedProd 6.12.2
Website Builder by SeedProd 6.13.0
Website Builder by SeedProd 6.13.1
Website Builder by SeedProd 6.15.3
Website Builder by SeedProd 6.15.4
Website Builder by SeedProd 6.15.6
Website Builder by SeedProd 6.15.7
Website Builder by SeedProd 6.15.13.1
Website Builder by SeedProd 6.15.15.3
Website Builder by SeedProd 6.15.18
Website Builder by SeedProd 6.15.19
Website Builder by SeedProd 6.15.20
Website Builder by SeedProd 6.15.21
Website Builder by SeedProd 6.15.22
Website Builder by SeedProd 6.15.23
Website Builder by SeedProd 6.17.4
Website Builder by SeedProd 6.18.4
Website Builder by SeedProd 6.18.5
Website Builder by SeedProd 6.18.9

Prevent stored XSS on order notes added via REST API

Skrevet den 1. april 2026 af i WooCommerce

Prevent stored XSS on order notes added via REST API

This vulnerability affects the following application versions:

WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4
WooCommerce 3.5.5
WooCommerce 3.5.6
WooCommerce 3.5.7
WooCommerce 3.5.8
WooCommerce 3.5.9
WooCommerce 3.5.10
WooCommerce 3.6.0
WooCommerce 3.6.0-beta.1
WooCommerce 3.6.0-rc.1
WooCommerce 3.6.0-rc.2
WooCommerce 3.6.0-rc.3
WooCommerce 3.6.1
WooCommerce 3.6.2
WooCommerce 3.6.3
WooCommerce 3.6.4
WooCommerce 3.6.5
WooCommerce 3.6.6
WooCommerce 3.6.7
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7.0-rc.1
WooCommerce 3.7.0-rc.2
WooCommerce 3.7.1
WooCommerce 3.7.2
WooCommerce 3.7.3
WooCommerce 3.8.0
WooCommerce 3.8.0-beta.1
WooCommerce 3.8.0-rc.1
WooCommerce 3.8.0-rc.2
WooCommerce 3.8.1
WooCommerce 3.8.2
WooCommerce 3.8.3
WooCommerce 3.9.0
WooCommerce 3.9.0-beta.1
WooCommerce 3.9.0-beta.2
WooCommerce 3.9.0-rc.1
WooCommerce 3.9.0-rc.2
WooCommerce 3.9.0-rc.3
WooCommerce 3.9.0-rc.4
WooCommerce 3.9.1
WooCommerce 3.9.2
WooCommerce 3.9.3
WooCommerce 3.9.4
WooCommerce 3.9.5
WooCommerce 4.0.0
WooCommerce 4.0.0-beta.1
WooCommerce 4.0.0-rc.1
WooCommerce 4.0.0-rc.2
WooCommerce 4.0.1
WooCommerce 4.0.2
WooCommerce 4.0.3
WooCommerce 4.0.4
WooCommerce 4.1.0
WooCommerce 4.1.0-beta.1
WooCommerce 4.1.0-beta.2
WooCommerce 4.1.0-rc.1
WooCommerce 4.1.0-rc.2
WooCommerce 4.1.0-rc.3
WooCommerce 4.1.1
WooCommerce 4.1.2
WooCommerce 4.1.2.1
WooCommerce 4.1.3
WooCommerce 4.1.4
WooCommerce 4.2.0
WooCommerce 4.2.0-beta.1
WooCommerce 4.2.0-RC.1
WooCommerce 4.2.0-RC.2
WooCommerce 4.2.1
WooCommerce 4.2.2
WooCommerce 4.2.3
WooCommerce 4.2.3.1
WooCommerce 4.2.4
WooCommerce 4.2.5
WooCommerce 4.3.0
WooCommerce 4.3.0-beta.1
WooCommerce 4.3.0-rc.1
WooCommerce 4.3.0-rc.2
WooCommerce 4.3.0-rc.3
WooCommerce 4.3.1
WooCommerce 4.3.2
WooCommerce 4.3.3
WooCommerce 4.3.4
WooCommerce 4.3.4.1
WooCommerce 4.3.5
WooCommerce 4.3.6
WooCommerce 4.4.0
WooCommerce 4.4.0-beta.1
WooCommerce 4.4.0-rc.1
WooCommerce 4.4.1
WooCommerce 4.4.2
WooCommerce 4.4.2.1
WooCommerce 4.4.3
WooCommerce 4.4.4
WooCommerce 4.5.0
WooCommerce 4.5.0-beta.1
WooCommerce 4.5.0-rc.1
WooCommerce 4.5.0-rc.2
WooCommerce 4.5.0-rc.3
WooCommerce 4.5.1
WooCommerce 4.5.2
WooCommerce 4.5.3
WooCommerce 4.5.3.1
WooCommerce 4.5.4
WooCommerce 4.5.5
WooCommerce 4.6.0
WooCommerce 4.6.0-beta.1
WooCommerce 4.6.0-rc.1
WooCommerce 4.6.1
WooCommerce 4.6.2
WooCommerce 4.6.3
WooCommerce 4.6.3.1
WooCommerce 4.6.4
WooCommerce 4.6.5
WooCommerce 4.7.0
WooCommerce 4.7.0-beta.1
WooCommerce 4.7.0-beta.2
WooCommerce 4.7.0-rc.1
WooCommerce 4.7.1
WooCommerce 4.7.1-beta.1
WooCommerce 4.7.2
WooCommerce 4.7.3
WooCommerce 4.7.4
WooCommerce 4.8.0
WooCommerce 4.8.0-beta.1
WooCommerce 4.8.0-rc.1
WooCommerce 4.8.0-rc.2
WooCommerce 4.8.1
WooCommerce 4.8.2
WooCommerce 4.8.3
WooCommerce 4.9.0
WooCommerce 4.9.0-beta.1
WooCommerce 4.9.0-rc.1
WooCommerce 4.9.0-rc.2
WooCommerce 4.9.1
WooCommerce 4.9.2
WooCommerce 4.9.3
WooCommerce 4.9.4
WooCommerce 4.9.5
WooCommerce 5.0.0
WooCommerce 5.0.0-beta.1
WooCommerce 5.0.0-beta.2
WooCommerce 5.0.0-rc.1
WooCommerce 5.0.0-rc.2
WooCommerce 5.0.0-rc.3
WooCommerce 5.0.1
WooCommerce 5.0.2
WooCommerce 5.0.3
WooCommerce 5.1.0
WooCommerce 5.1.0-beta.1
WooCommerce 5.1.0-rc.1
WooCommerce 5.1.1
WooCommerce 5.1.2
WooCommerce 5.1.3
WooCommerce 5.2.0
WooCommerce 5.2.0-beta.1
WooCommerce 5.2.0-rc.1
WooCommerce 5.2.0-rc.2
WooCommerce 5.2.1
WooCommerce 5.2.2
WooCommerce 5.2.3
WooCommerce 5.2.4
WooCommerce 5.2.5
WooCommerce 5.3.0
WooCommerce 5.3.0-beta.1
WooCommerce 5.3.0-rc.1
WooCommerce 5.3.0-rc.2
WooCommerce 5.3.1
WooCommerce 5.3.2
WooCommerce 5.3.3
WooCommerce 5.4.0
WooCommerce 5.4.0-beta.1
WooCommerce 5.4.0-rc.1
WooCommerce 5.4.1
WooCommerce 5.4.2
WooCommerce 5.4.3
WooCommerce 5.4.4
WooCommerce 5.4.5
WooCommerce 5.5.0
WooCommerce 5.5.0-beta.1
WooCommerce 5.5.0-rc.1
WooCommerce 5.5.0-rc.2
WooCommerce 5.5.1
WooCommerce 5.5.2
WooCommerce 5.5.3
WooCommerce 5.5.4
WooCommerce 5.5.5
WooCommerce 5.6.0
WooCommerce 5.6.0-beta.1
WooCommerce 5.6.0-rc.1
WooCommerce 5.6.0-rc.2
WooCommerce 5.6.1
WooCommerce 5.6.2
WooCommerce 5.6.3
WooCommerce 5.7.0
WooCommerce 5.7.0-beta.1
WooCommerce 5.7.0-rc.1
WooCommerce 5.7.0-rc.2
WooCommerce 5.7.1
WooCommerce 5.7.2
WooCommerce 5.7.3
WooCommerce 5.8.0
WooCommerce 5.8.0-beta.1
WooCommerce 5.8.0-beta.2
WooCommerce 5.8.0-rc.1
WooCommerce 5.8.1
WooCommerce 5.8.2
WooCommerce 5.9.0
WooCommerce 5.9.0-beta.1
WooCommerce 5.9.0-rc.1
WooCommerce 5.9.0-RC.1
WooCommerce 10.0.0
WooCommerce 10.0.0-rc.1
WooCommerce 10.0.0-rc.2
WooCommerce 10.0.1
WooCommerce 10.0.2
WooCommerce 10.0.3
WooCommerce 10.0.4
WooCommerce 10.0.5
WooCommerce 10.0.6
WooCommerce 10.1.0
WooCommerce 10.1.0-rc.1
WooCommerce 10.1.0-rc.2
WooCommerce 10.1.0-rc.3
WooCommerce 10.1.0-rc.4
WooCommerce 10.1.1
WooCommerce 10.1.2
WooCommerce 10.1.3
WooCommerce 10.1.4
WooCommerce 10.2.0
WooCommerce 10.2.0-beta.1
WooCommerce 10.2.0-beta.2
WooCommerce 10.2.0-rc.1
WooCommerce 10.2.1
WooCommerce 10.2.2
WooCommerce 10.2.3
WooCommerce 10.2.4
WooCommerce 10.3.0
WooCommerce 10.3.0-beta.1
WooCommerce 10.3.0-beta.2
WooCommerce 10.3.0-rc.1
WooCommerce 10.3.0-rc.2
WooCommerce 10.3.1
WooCommerce 10.3.2
WooCommerce 10.3.3
WooCommerce 10.3.4
WooCommerce 10.3.5
WooCommerce 10.3.6
WooCommerce 10.3.7
WooCommerce 10.3.8
WooCommerce 10.4.0
WooCommerce 10.4.0-beta.1
WooCommerce 10.4.0-beta.2
WooCommerce 10.4.0-rc.1
WooCommerce 10.4.1
WooCommerce 10.4.2
WooCommerce 10.4.3
WooCommerce 10.4.4
WooCommerce 10.5.0
WooCommerce 10.5.0-beta.1
WooCommerce 10.5.0-beta.2
WooCommerce 10.5.0-rc.1
WooCommerce 10.5.0-rc.2
WooCommerce 10.5.0-rc.3
WooCommerce 10.5.1
WooCommerce 10.5.2
WooCommerce 10.5.3
WooCommerce 10.6.0-beta.1
WooCommerce 10.6.0-beta.2
WooCommerce 10.6.0-rc.1
WooCommerce 5.9.0-rc.2
WooCommerce 5.9.1
WooCommerce 5.9.2
WooCommerce 6.0.0
WooCommerce 6.0.0-beta.1
WooCommerce 6.0.0-rc.1
WooCommerce 6.0.1
WooCommerce 6.0.2
WooCommerce 6.1.0
WooCommerce 6.1.0-beta.1
WooCommerce 6.1.0-rc.1
WooCommerce 6.1.0-rc.2
WooCommerce 6.1.1
WooCommerce 6.1.2
WooCommerce 6.1.3
WooCommerce 6.2.0
WooCommerce 6.2.0-beta.1
WooCommerce 6.2.0-rc.1
WooCommerce 6.2.0-rc.2
WooCommerce 6.2.1
WooCommerce 6.2.2
WooCommerce 6.2.3
WooCommerce 6.3.0
WooCommerce 6.3.0-beta.1
WooCommerce 6.3.0-rc.1
WooCommerce 6.3.0-rc.2
WooCommerce 6.3.1
WooCommerce 6.3.2
WooCommerce 6.4.0
WooCommerce 6.4.0-beta.1
WooCommerce 6.4.0-rc.1
WooCommerce 6.4.1
WooCommerce 6.4.2
WooCommerce 6.5.0
WooCommerce 6.5.0-beta.1
WooCommerce 6.5.0-rc.1
WooCommerce 6.5.0-rc.2
WooCommerce 6.5.1
WooCommerce 6.5.2
WooCommerce 6.6.0
WooCommerce 6.6.0-beta.1
WooCommerce 6.6.0-rc.1
WooCommerce 6.6.0-rc.2
WooCommerce 6.6.1
WooCommerce 6.6.2
WooCommerce 6.7.0
WooCommerce 6.7.0-beta.1
WooCommerce 6.7.0-beta.2
WooCommerce 6.7.0-rc.1
WooCommerce 6.7.1
WooCommerce 6.8.0
WooCommerce 6.8.0-beta.1
WooCommerce 6.8.0-beta.2
WooCommerce 6.8.0-rc.1
WooCommerce 6.8.1
WooCommerce 6.8.2
WooCommerce 6.8.3
WooCommerce 6.9.0
WooCommerce 6.9.0-beta.1
WooCommerce 6.9.0-beta.2
WooCommerce 6.9.0-rc.1
WooCommerce 6.9.1
WooCommerce 6.9.2
WooCommerce 6.9.3
WooCommerce 6.9.4
WooCommerce 6.9.5
WooCommerce 7.0.0
WooCommerce 7.0.0-beta.1
WooCommerce 7.0.0-beta.2
WooCommerce 7.0.0-beta.3
WooCommerce 7.0.0-rc.1
WooCommerce 7.0.0-rc.2
WooCommerce 7.0.1
WooCommerce 7.0.2
WooCommerce 7.1.0
WooCommerce 7.1.0-beta.1
WooCommerce 7.1.0-beta.2
WooCommerce 7.1.0-rc.1
WooCommerce 7.1.0-rc.2
WooCommerce 7.1.1
WooCommerce 7.1.2
WooCommerce 7.2.0
WooCommerce 7.2.0-beta.1
WooCommerce 7.2.0-beta.2
WooCommerce 7.2.0-rc.1
WooCommerce 7.2.0-rc.2
WooCommerce 7.2.1
WooCommerce 7.2.2
WooCommerce 7.2.3
WooCommerce 7.2.4
WooCommerce 7.3.0
WooCommerce 7.3.0-beta.1
WooCommerce 7.3.0-beta.2
WooCommerce 7.3.0-rc.1
WooCommerce 7.3.0-rc.2
WooCommerce 7.3.1
WooCommerce 7.4.0
WooCommerce 7.4.0-beta.1
WooCommerce 7.4.0-beta.2
WooCommerce 7.4.0-rc.1
WooCommerce 7.4.0-rc.2
WooCommerce 7.4.1
WooCommerce 7.4.2
WooCommerce 7.5.0
WooCommerce 7.5.0-beta.1
WooCommerce 7.5.0-beta.2
WooCommerce 7.5.0-rc.1
WooCommerce 7.5.1
WooCommerce 7.5.2
WooCommerce 7.6.0
WooCommerce 7.6.0-beta.1
WooCommerce 7.6.0-beta.2
WooCommerce 7.6.0-rc.1
WooCommerce 7.6.0-rc.2
WooCommerce 7.6.0-rc.3
WooCommerce 7.6.1
WooCommerce 7.6.2
WooCommerce 7.7.0
WooCommerce 7.7.0-beta.1
WooCommerce 7.7.0-beta.2
WooCommerce 7.7.0-rc.1
WooCommerce 7.7.1
WooCommerce 7.7.2
WooCommerce 7.7.3
WooCommerce 7.8.0
WooCommerce 7.8.0-beta.1
WooCommerce 7.8.0-beta.2
WooCommerce 7.8.0-rc.1
WooCommerce 7.8.0-rc.2
WooCommerce 7.8.1
WooCommerce 7.8.2
WooCommerce 7.8.3
WooCommerce 7.8.4
WooCommerce 7.9.0
WooCommerce 7.9.0-beta.1
WooCommerce 7.9.0-beta.2
WooCommerce 7.9.0-rc.2
WooCommerce 7.9.0-rc.3
WooCommerce 7.9.1
WooCommerce 7.9.2
WooCommerce 8.0.0
WooCommerce 8.0.0-beta.1
WooCommerce 8.0.0-beta.2
WooCommerce 8.0.0-rc.1
WooCommerce 8.0.0-rc.2
WooCommerce 8.0.1
WooCommerce 8.0.2
WooCommerce 8.0.3
WooCommerce 8.0.4
WooCommerce 8.0.5
WooCommerce 8.1.0
WooCommerce 8.1.0-a.3
WooCommerce 8.1.0-a.4
WooCommerce 8.1.0-a.5
WooCommerce 8.1.0-beta.1
WooCommerce 8.1.0-rc.1
WooCommerce 8.1.0-rc.2
WooCommerce 8.1.1
WooCommerce 8.1.2
WooCommerce 8.1.3
WooCommerce 8.1.4
WooCommerce 8.2.0
WooCommerce 8.2.0-a.1
WooCommerce 8.2.0-beta.1
WooCommerce 8.2.0-rc.1
WooCommerce 8.2.0-rc.2
WooCommerce 8.2.1
WooCommerce 8.2.2
WooCommerce 8.2.3
WooCommerce 8.2.4
WooCommerce 8.2.5
WooCommerce 8.3.0
WooCommerce 8.3.0-beta.1
WooCommerce 8.3.0-rc.1
WooCommerce 8.3.0-rc.2
WooCommerce 8.3.1
WooCommerce 8.3.2
WooCommerce 8.3.3
WooCommerce 8.3.4
WooCommerce 8.4.0
WooCommerce 8.4.0-beta.1
WooCommerce 8.4.0-rc.1
WooCommerce 8.4.1
WooCommerce 8.4.2
WooCommerce 8.4.3
WooCommerce 8.5.0
WooCommerce 8.5.0-beta.1
WooCommerce 8.5.0-rc.1
WooCommerce 8.5.1
WooCommerce 8.5.2
WooCommerce 8.5.3
WooCommerce 8.5.4
WooCommerce 8.5.5
WooCommerce 8.6.0
WooCommerce 8.6.0-beta.1
WooCommerce 8.6.0-rc.1
WooCommerce 8.6.1
WooCommerce 8.6.2
WooCommerce 8.6.3
WooCommerce 8.6.4
WooCommerce 8.7.0
WooCommerce 8.7.0-beta.1
WooCommerce 8.7.0-beta.2
WooCommerce 8.7.0-rc.1
WooCommerce 8.7.1
WooCommerce 8.7.2
WooCommerce 8.7.3
WooCommerce 8.8.0
WooCommerce 8.8.0-beta.1
WooCommerce 8.8.0-rc.1
WooCommerce 8.8.1
WooCommerce 8.8.2
WooCommerce 8.8.3
WooCommerce 8.8.4
WooCommerce 8.8.5
WooCommerce 8.8.6
WooCommerce 8.8.7
WooCommerce 8.9.0
WooCommerce 8.9.0-beta.1
WooCommerce 8.9.0-rc.1
WooCommerce 8.9.1
WooCommerce 8.9.2
WooCommerce 8.9.3
WooCommerce 8.9.4
WooCommerce 8.9.5
WooCommerce 9.0.0
WooCommerce 9.0.0-beta.1
WooCommerce 9.0.0-beta.2
WooCommerce 9.0.0-rc.1
WooCommerce 9.0.1
WooCommerce 9.0.2
WooCommerce 9.0.3
WooCommerce 9.0.4
WooCommerce 9.1.0
WooCommerce 9.1.0-beta.1
WooCommerce 9.1.0-rc.1
WooCommerce 9.1.1
WooCommerce 9.1.2
WooCommerce 9.1.3
WooCommerce 9.1.4
WooCommerce 9.1.5
WooCommerce 9.1.6
WooCommerce 9.2.0
WooCommerce 9.2.0-beta.1
WooCommerce 9.2.0-rc.1
WooCommerce 9.2.1
WooCommerce 9.2.2
WooCommerce 9.2.3
WooCommerce 9.2.4
WooCommerce 9.2.5
WooCommerce 9.3.0
WooCommerce 9.3.0-beta.1
WooCommerce 9.3.0-rc.1
WooCommerce 9.3.1
WooCommerce 9.3.2
WooCommerce 9.3.3
WooCommerce 9.3.4
WooCommerce 9.3.5
WooCommerce 9.3.6
WooCommerce 9.4.0
WooCommerce 9.4.0-beta.1
WooCommerce 9.4.0-beta.2
WooCommerce 9.4.0-rc.1
WooCommerce 9.4.0-rc.2
WooCommerce 9.4.0-rc.3
WooCommerce 9.4.0-rc.4
WooCommerce 9.4.1
WooCommerce 9.4.2
WooCommerce 9.4.3
WooCommerce 9.4.4
WooCommerce 9.4.5
WooCommerce 9.5.0
WooCommerce 9.5.0-beta.1
WooCommerce 9.5.0-beta.2
WooCommerce 9.5.0-rc.1
WooCommerce 9.5.1
WooCommerce 9.5.2
WooCommerce 9.5.3
WooCommerce 9.5.4
WooCommerce 9.6.0
WooCommerce 9.6.0-beta.1
WooCommerce 9.6.0-beta.2
WooCommerce 9.6.0-rc.1
WooCommerce 9.6.1
WooCommerce 9.6.2
WooCommerce 9.6.3
WooCommerce 9.6.4
WooCommerce 9.7.0
WooCommerce 9.7.0-beta.1
WooCommerce 9.7.0-rc.1
WooCommerce 9.7.1
WooCommerce 9.7.2
WooCommerce 9.7.3
WooCommerce 9.8.0
WooCommerce 9.8.0-beta.1
WooCommerce 9.8.0-rc.1
WooCommerce 9.8.1
WooCommerce 9.8.2
WooCommerce 9.8.3
WooCommerce 9.8.4
WooCommerce 9.8.5
WooCommerce 9.8.6
WooCommerce 9.8.7
WooCommerce 9.9.0
WooCommerce 9.9.0-beta.1
WooCommerce 9.9.0-rc.1
WooCommerce 9.9.1
WooCommerce 9.9.2
WooCommerce 9.9.3
WooCommerce 9.9.4
WooCommerce 9.9.5
WooCommerce 9.9.6
WooCommerce 9.9.7
WooCommerce list
WooCommerce nightly
WooCommerce trunk-snapshot

Authenticated (Administrator+) stored cross-site scripting via breadcrumb parameters

Skrevet den 1. april 2026 af i Rank Math SEO

The plugin does not sanitize the before, after, wrap_before, and wrap_after breadcrumb arguments before outputting them on the page. An attacker with sufficient privileges could inject arbitrary JavaScript through these parameters, which would execute in the browsers of all visitors viewing pages with breadcrumbs.

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218
Rank Math SEO 1.0.219
Rank Math SEO 1.0.220
Rank Math SEO 1.0.221
Rank Math SEO 1.0.222
Rank Math SEO 1.0.223
Rank Math SEO 1.0.224
Rank Math SEO 1.0.225
Rank Math SEO 1.0.226
Rank Math SEO 1.0.227
Rank Math SEO 1.0.227.1
Rank Math SEO 1.0.228
Rank Math SEO 1.0.229

Arbitrary Shortcode Execution in Ninja Forms Plugin

Skrevet den 1. april 2026 af i Ninja Forms – The Contact Form Builder

The plugin fails to properly validate user-supplied input before passing it to the do_shortcode function in the form preview functionality. This could allow attackers to execute unintended shortcodes, potentially leading to information disclosure, privilege escalation.

This vulnerability affects the following application versions:

Ninja Forms – The Contact Form Builder 3.8.5
Ninja Forms – The Contact Form Builder 3.8.6
Ninja Forms – The Contact Form Builder 3.8.7
Ninja Forms – The Contact Form Builder 3.8.8
Ninja Forms – The Contact Form Builder 3.8.9
Ninja Forms – The Contact Form Builder 3.8.10
Ninja Forms – The Contact Form Builder 3.8.11
Ninja Forms – The Contact Form Builder 3.8.12
Ninja Forms – The Contact Form Builder 3.8.13
Ninja Forms – The Contact Form Builder 3.8.14
Ninja Forms – The Contact Form Builder 3.8.15
Ninja Forms – The Contact Form Builder 3.8.16
Ninja Forms – The Contact Form Builder 3.8.17
Ninja Forms – The Contact Form Builder 3.8.18
Ninja Forms – The Contact Form Builder 3.8.19
Ninja Forms – The Contact Form Builder 3.8.20
Ninja Forms – The Contact Form Builder 3.8.21
Ninja Forms – The Contact Form Builder 3.8.22

Insecure deserialization and unauthorized plugin deactivation

Skrevet den 24. marts 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

The restored_plugins() function contains multiple security vulnerabilities including insecure deserialization of untrusted data and insufficient authorization checks for plugin deactivation operations.

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6

Unauthenticated Login Page Disclosure

Skrevet den 4. marts 2026 af i Solid Security

Unauthenticated attackers could discover the custom login page path when comments and user registration were enabled, bypassing the plugin’s login path hiding.

This vulnerability affects the following application versions:

Solid Security 8.0.0
Solid Security 8.0.1
Solid Security 8.0.2
Solid Security 8.1.0
Solid Security 8.1.1
Solid Security 8.1.2
Solid Security 8.1.3
Solid Security 8.1.4
Solid Security 8.1.5
Solid Security 8.1.6
Solid Security 8.1.7
Solid Security 8.1.8
Solid Security 9.0.0

Unrestricted Zip AI token overwrite via GET parameters (missing nonce)

Skrevet den 4. marts 2026 af i Starter Templates – AI-Powered Templates

The Starter Templates (Astra Sites) plugin saved Zip AI auth tokens (token, credit_token, email) from URL query parameters when an admin visited the Starter Templates page (themes.php?page=starter-templates). The handler did not check a nonce or other CSRF protection. An attacker could send a logged-in admin a link containing crafted token, credit_token, and email values; if the admin opened it, the plugin would overwrite the site’s Zip AI settings with the attacker’s values, leading to authentication takeover or abuse of the Zip AI integration.

This vulnerability affects the following application versions:

Starter Templates – AI-Powered Templates 0.4.4.0
Starter Templates – AI-Powered Templates 4.0.0
Starter Templates – AI-Powered Templates 4.0.1
Starter Templates – AI-Powered Templates 4.0.2
Starter Templates – AI-Powered Templates 4.0.3
Starter Templates – AI-Powered Templates 4.0.4
Starter Templates – AI-Powered Templates 4.0.5
Starter Templates – AI-Powered Templates 4.0.6
Starter Templates – AI-Powered Templates 4.0.7
Starter Templates – AI-Powered Templates 4.0.8
Starter Templates – AI-Powered Templates 4.0.9
Starter Templates – AI-Powered Templates 4.0.10
Starter Templates – AI-Powered Templates 4.0.11
Starter Templates – AI-Powered Templates 4.0.12
Starter Templates – AI-Powered Templates 4.0.13
Starter Templates – AI-Powered Templates 4.1.0
Starter Templates – AI-Powered Templates 4.1.1
Starter Templates – AI-Powered Templates 4.1.2
Starter Templates – AI-Powered Templates 4.1.3
Starter Templates – AI-Powered Templates 4.1.4
Starter Templates – AI-Powered Templates 4.1.5
Starter Templates – AI-Powered Templates 4.1.6
Starter Templates – AI-Powered Templates 4.1.7
Starter Templates – AI-Powered Templates 4.2.0
Starter Templates – AI-Powered Templates 4.2.1
Starter Templates – AI-Powered Templates 4.2.2
Starter Templates – AI-Powered Templates 4.2.3
Starter Templates – AI-Powered Templates 4.2.4
Starter Templates – AI-Powered Templates 4.2.5
Starter Templates – AI-Powered Templates 4.2.6
Starter Templates – AI-Powered Templates 4.3.0
Starter Templates – AI-Powered Templates 4.3.1
Starter Templates – AI-Powered Templates 4.3.2
Starter Templates – AI-Powered Templates 4.3.3
Starter Templates – AI-Powered Templates 4.3.4
Starter Templates – AI-Powered Templates 4.3.5
Starter Templates – AI-Powered Templates 4.3.6
Starter Templates – AI-Powered Templates 4.3.7
Starter Templates – AI-Powered Templates 4.3.8
Starter Templates – AI-Powered Templates 4.3.9
Starter Templates – AI-Powered Templates 4.4.0
Starter Templates – AI-Powered Templates 4.4.1
Starter Templates – AI-Powered Templates 4.4.2
Starter Templates – AI-Powered Templates 4.4.3
Starter Templates – AI-Powered Templates 4.4.4
Starter Templates – AI-Powered Templates 4.4.5
Starter Templates – AI-Powered Templates 4.4.6
Starter Templates – AI-Powered Templates 4.4.7
Starter Templates – AI-Powered Templates 4.4.8
Starter Templates – AI-Powered Templates 4.4.9

Authenticated (contributor+) stored cross-site scripting via shortcode

Skrevet den 4. marts 2026 af i Ninja Forms – The Contact Form Builder

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Ninja Forms – The Contact Form Builder 3.8.4
Ninja Forms – The Contact Form Builder 3.8.5
Ninja Forms – The Contact Form Builder 3.8.6
Ninja Forms – The Contact Form Builder 3.8.7
Ninja Forms – The Contact Form Builder 3.8.8
Ninja Forms – The Contact Form Builder 3.8.9
Ninja Forms – The Contact Form Builder 3.8.10
Ninja Forms – The Contact Form Builder 3.8.11
Ninja Forms – The Contact Form Builder 3.8.12
Ninja Forms – The Contact Form Builder 3.8.13
Ninja Forms – The Contact Form Builder 3.8.14
Ninja Forms – The Contact Form Builder 3.8.15
Ninja Forms – The Contact Form Builder 3.8.16
Ninja Forms – The Contact Form Builder 3.8.17
Ninja Forms – The Contact Form Builder 3.8.18
Ninja Forms – The Contact Form Builder 3.8.19
Ninja Forms – The Contact Form Builder 3.8.20
Ninja Forms – The Contact Form Builder 3.8.21
Ninja Forms – The Contact Form Builder 3.8.22
Ninja Forms – The Contact Form Builder 3.8.23
Ninja Forms – The Contact Form Builder 3.8.24

SQL injection in tasks

Skrevet den 4. marts 2026 af i WP Mail SMTP

Parameterized the cleanup query in remove_completed() using $wpdb->prepare() to safely bind the action hook and status (and limit), preventing SQL injection risks from dynamic values when deleting completed Action Scheduler entries.

This vulnerability affects the following application versions:

WP Mail SMTP 4.1.0
WP Mail SMTP 4.1.1

Authenticated Sensitive Information Exposure

Skrevet den 4. marts 2026 af i Website Builder by SeedProd

Due to a missing capability check, authenticated users with Subscriber-level permissions or higher can access and read private landing page revisions. This could lead to the exposure of sensitive draft content or upcoming site changes.

This vulnerability affects the following application versions:

Website Builder by SeedProd 6.0.5
Website Builder by SeedProd 6.0.6
Website Builder by SeedProd 6.0.7
Website Builder by SeedProd 6.0.8
Website Builder by SeedProd 6.0.8.1
Website Builder by SeedProd 6.0.8.2
Website Builder by SeedProd 6.0.8.3
Website Builder by SeedProd 6.0.8.4
Website Builder by SeedProd 6.0.8.5
Website Builder by SeedProd 6.0.9.0
Website Builder by SeedProd 6.0.10.1
Website Builder by SeedProd 6.0.11.1
Website Builder by SeedProd 6.2.0
Website Builder by SeedProd 6.2.1
Website Builder by SeedProd 6.2.2
Website Builder by SeedProd 6.2.3
Website Builder by SeedProd 6.2.4
Website Builder by SeedProd 6.2.5
Website Builder by SeedProd 6.6.0
Website Builder by SeedProd 6.9.0.8
Website Builder by SeedProd 6.10.0
Website Builder by SeedProd 6.12.0
Website Builder by SeedProd 6.12.2
Website Builder by SeedProd 6.13.0
Website Builder by SeedProd 6.13.1
Website Builder by SeedProd 6.15.3
Website Builder by SeedProd 6.15.4
Website Builder by SeedProd 6.15.6
Website Builder by SeedProd 6.15.7
Website Builder by SeedProd 6.15.13.1
Website Builder by SeedProd 6.15.15.3
Website Builder by SeedProd 6.15.18
Website Builder by SeedProd 6.15.19
Website Builder by SeedProd 6.15.20
Website Builder by SeedProd 6.15.21
Website Builder by SeedProd 6.15.22
Website Builder by SeedProd 6.15.23
Website Builder by SeedProd 6.17.4
Website Builder by SeedProd 6.18.4
Website Builder by SeedProd 6.18.5
Website Builder by SeedProd 6.18.9
Website Builder by SeedProd 6.18.10
Website Builder by SeedProd 6.18.11
Website Builder by SeedProd 6.18.12
Website Builder by SeedProd 6.18.14
Website Builder by SeedProd 6.18.15

Unauthenticated Stored Cross-Site Scripting via Form Calculations

Skrevet den 4. marts 2026 af i Ninja Forms – The Contact Form Builder

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Ninja Forms – The Contact Form Builder 3.1.10
Ninja Forms – The Contact Form Builder 3.2.28
Ninja Forms – The Contact Form Builder 3.3.21.4
Ninja Forms – The Contact Form Builder 3.4.34.2
Ninja Forms – The Contact Form Builder 3.4.34.3
Ninja Forms – The Contact Form Builder 3.5.8.4
Ninja Forms – The Contact Form Builder 3.5.8.5
Ninja Forms – The Contact Form Builder 3.6.34
Ninja Forms – The Contact Form Builder 3.6.34.1
Ninja Forms – The Contact Form Builder 3.7.3
Ninja Forms – The Contact Form Builder 3.7.3.1
Ninja Forms – The Contact Form Builder 3.8.0
Ninja Forms – The Contact Form Builder 3.8.1
Ninja Forms – The Contact Form Builder 3.8.2
Ninja Forms – The Contact Form Builder 3.8.3
Ninja Forms – The Contact Form Builder 3.8.4
Ninja Forms – The Contact Form Builder 3.8.5
Ninja Forms – The Contact Form Builder 3.8.6
Ninja Forms – The Contact Form Builder 3.8.7
Ninja Forms – The Contact Form Builder 3.8.8
Ninja Forms – The Contact Form Builder 3.8.9
Ninja Forms – The Contact Form Builder 3.8.10
Ninja Forms – The Contact Form Builder 3.8.11
Ninja Forms – The Contact Form Builder 3.8.12
Ninja Forms – The Contact Form Builder 3.8.13
Ninja Forms – The Contact Form Builder 3.8.14
Ninja Forms – The Contact Form Builder 3.8.15
Ninja Forms – The Contact Form Builder 3.8.16
Ninja Forms – The Contact Form Builder 3.8.17
Ninja Forms – The Contact Form Builder 3.8.18
Ninja Forms – The Contact Form Builder 3.8.19

Access control in menu page

Skrevet den 4. marts 2026 af i Popup Builder by OptinMonster

Added a capability check (current_user_can) before registering OptinMonster admin menu pages, preventing users without the required capability from accessing or registering the menu pages. This hardens admin access control and avoids exposing admin screens to unauthorized users.

This vulnerability affects the following application versions:

Popup Builder by OptinMonster 2.5.2
Popup Builder by OptinMonster 2.5.3
Popup Builder by OptinMonster 2.6.2
Popup Builder by OptinMonster 2.6.3
Popup Builder by OptinMonster 2.6.4
Popup Builder by OptinMonster 2.6.5
Popup Builder by OptinMonster 2.6.6
Popup Builder by OptinMonster 2.6.7
Popup Builder by OptinMonster 2.6.8
Popup Builder by OptinMonster 2.6.9
Popup Builder by OptinMonster 2.6.10
Popup Builder by OptinMonster 2.6.11
Popup Builder by OptinMonster 2.6.12
Popup Builder by OptinMonster 2.7.0
Popup Builder by OptinMonster 2.8.0
Popup Builder by OptinMonster 2.8.1
Popup Builder by OptinMonster 2.9.0
Popup Builder by OptinMonster 2.10.0
Popup Builder by OptinMonster 2.11.0
Popup Builder by OptinMonster 2.11.1
Popup Builder by OptinMonster 2.11.2
Popup Builder by OptinMonster 2.12.0
Popup Builder by OptinMonster 2.12.1
Popup Builder by OptinMonster 2.13.0
Popup Builder by OptinMonster 2.13.1
Popup Builder by OptinMonster 2.13.2
Popup Builder by OptinMonster 2.13.3
Popup Builder by OptinMonster 2.13.4
Popup Builder by OptinMonster 2.13.5
Popup Builder by OptinMonster 2.13.6
Popup Builder by OptinMonster 2.13.7
Popup Builder by OptinMonster 2.13.8
Popup Builder by OptinMonster 2.14.0
Popup Builder by OptinMonster 2.14.1
Popup Builder by OptinMonster 2.15.0
Popup Builder by OptinMonster 2.15.1
Popup Builder by OptinMonster 2.15.2
Popup Builder by OptinMonster 2.15.3
Popup Builder by OptinMonster 2.16.0
Popup Builder by OptinMonster 2.16.1
Popup Builder by OptinMonster 2.16.2
Popup Builder by OptinMonster 2.16.3
Popup Builder by OptinMonster 2.16.4
Popup Builder by OptinMonster 2.16.5
Popup Builder by OptinMonster 2.16.6
Popup Builder by OptinMonster 2.16.7

Add missing authorization checks in Plugins controller

Skrevet den 18. februar 2026 af i Elementor Website Builder

This update enforces strict manage_options capability checks for plugin status and migration requests to prevent unauthorized access. It ensures only administrators can trigger these sensitive management functions via the REST API.

This vulnerability affects the following application versions:

Elementor Website Builder 3.34.2
Elementor Website Builder 3.34.3
Elementor Website Builder 3.35.0-beta1
Elementor Website Builder 3.35.0-beta2
Elementor Website Builder 3.35.0-beta3
Elementor Website Builder 3.35.0-dev1
Elementor Website Builder 3.35.0-dev2
Elementor Website Builder 3.35.0-dev3

Cross-site scripting via insufficient output escaping in admin templates

Skrevet den 18. februar 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

Multiple admin template files fail to properly escape dynamic content before output, allowing cross-site scripting (XSS) attacks. Unescaped variables including nonces, URLs, and user-supplied text are directly echoed in JavaScript handlers, HTML attributes, and content. An attacker could inject malicious scripts through filter hooks, potentially compromising administrator sessions. The fix implements appropriate WordPress escaping functions for each output context.

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.13.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.0
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.0
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.14
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.17
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.25
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.26
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.28
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.29
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.32
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.34
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.35
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.36
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.37
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.40
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.41
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.42
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.43
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.44
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.45
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.46
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.47
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.48
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.49
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.50
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.51
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.53
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.55
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.56
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.59
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.60
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.61
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.62
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.63
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.64
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.65
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.66
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.67
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.68
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.69
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.14
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.17
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.18
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.19
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Cross-site Scripting in admin notices

Skrevet den 18. februar 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

Cross-site Scripting in admin notices

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.13.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.13.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.14.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.0
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.15.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.0
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.14
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.17
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.25
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.26
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.28
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.29
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.32
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.34
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.35
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.36
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.37
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.40
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.41
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.42
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.43
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.44
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.45
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.46
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.47
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.48
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.49
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.50
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.51
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.53
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.55
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.56
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.59
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.60
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.61
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.62
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.63
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.64
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.65
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.66
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.67
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.68
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.69
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.14
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.17
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.18
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.19
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Reflected cross-site scripting in multiple admin modules

Skrevet den 18. februar 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

Multiple admin modules in UpdraftPlus did not properly escape output before rendering in HTML. This could allow attackers to inject malicious scripts via crafted

input or error responses, potentially leading to script execution in the administrator’s browser.

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.16.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.25
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.26
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.28
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.29
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.32
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.34
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.35
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.36
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.37
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.40
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.41
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.42
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.43
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.44
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.45
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.46
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.47
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.48
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.49
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.50
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.51
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.53
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.55
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.56
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.59
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.60
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.61
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.62
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.63
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.64
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.65
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.66
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.67
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.68
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.69
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.14
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.17
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.18
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.19
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Multiple cross-site scripting vulnerabilities in plugin admin templates

Skrevet den 12. februar 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

Multiple Cross-Site Scripting (XSS) vulnerabilities were identified across eight template files in the UpdraftPlus WordPress backup plugin’s admin interface due to insufficient output escaping. These vulnerabilities could allow authenticated attackers with administrative access to inject malicious scripts through various vectors including URLs, form inputs, plugin settings, and dynamic content rendering. Affected components include the premium add-ons page, backup management interface, migration tools, UpdraftCentral connection forms, file upload modals, navigation tabs, and header elements. The vulnerabilities were remediated by implementing proper WordPress escaping functions (esc_url(), esc_html(), esc_attr(), wp_kses(), and wp_kses_post()) throughout all affected template files.

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.16.59
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.60
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.61
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.62
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.63
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.64
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.65
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.66
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.67
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.68
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.69
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.14
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.17
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.18
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.19
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Reflected cross-site scripting in multiple remote storage modules

Skrevet den 12. februar 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

Multiple remote storage modules in UpdraftPlus did not properly escape output before rendering in HTML. Affected files include the S3, OpenStack

base, template, and insufficient PHP handlers. User-controllable data such as CSS classes, URLs, storage method names, error messages, exception details, HTTP

response codes, and PHP version information were echoed directly without sanitization. This could allow attackers to inject malicious scripts via crafted

input or error responses, potentially leading to script execution in the administrator’s browser.

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.22.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Authenticated (Contributor+) Stored Cross-Site Scripting in event calendar

Skrevet den 3. februar 2026 af i Essential Addons for Elementor

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitization and output escaping in the Event Calendar widget’s custom attributes handling and the Image Masking module’s element ID rendering. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27
Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3
Essential Addons for Elementor 6.0.4
Essential Addons for Elementor 6.0.5
Essential Addons for Elementor 6.0.6
Essential Addons for Elementor 6.0.7
Essential Addons for Elementor 6.0.8
Essential Addons for Elementor 6.0.9
Essential Addons for Elementor 6.0.10
Essential Addons for Elementor 6.0.11
Essential Addons for Elementor 6.0.12
Essential Addons for Elementor 6.0.13
Essential Addons for Elementor 6.0.14
Essential Addons for Elementor 6.0.15
Essential Addons for Elementor 6.1.0
Essential Addons for Elementor 6.1.1
Essential Addons for Elementor 6.1.2
Essential Addons for Elementor 6.1.3
Essential Addons for Elementor 6.1.4
Essential Addons for Elementor 6.1.5
Essential Addons for Elementor 6.1.6
Essential Addons for Elementor 6.1.7
Essential Addons for Elementor 6.1.8
Essential Addons for Elementor 6.1.9
Essential Addons for Elementor 6.1.10
Essential Addons for Elementor 6.1.11
Essential Addons for Elementor 6.1.12
Essential Addons for Elementor 6.1.13
Essential Addons for Elementor 6.1.14
Essential Addons for Elementor 6.1.15
Essential Addons for Elementor 6.1.17
Essential Addons for Elementor 6.1.18
Essential Addons for Elementor 6.1.19
Essential Addons for Elementor 6.1.20
Essential Addons for Elementor 6.2.0
Essential Addons for Elementor 6.2.1
Essential Addons for Elementor 6.2.2
Essential Addons for Elementor 6.2.3
Essential Addons for Elementor 6.2.4
Essential Addons for Elementor 6.3.0
Essential Addons for Elementor 6.3.1
Essential Addons for Elementor 6.3.2
Essential Addons for Elementor 6.3.3
Essential Addons for Elementor 6.4.0
Essential Addons for Elementor 6.5.0
Essential Addons for Elementor 6.5.1
Essential Addons for Elementor 6.5.2
Essential Addons for Elementor 6.5.3

Information disclosure via unconditional error logging

Skrevet den 3. februar 2026 af i Disable Comments – Remove Comments & Stop Spam

The plugin writes error messages to server log files even on production websites. If someone has access to read those log files, they could see internal details about your WordPress site when errors occur.

This vulnerability affects the following application versions:

Disable Comments – Remove Comments & Stop Spam 2.5.3

Multiple cross-site scripting vulnerabilities due to insufficient output escaping

Skrevet den 3. februar 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

Multiple files contain insufficient output escaping, allowing potential Cross-Site Scripting (XSS) attacks. User-controlled data, exception messages, URLs, and JavaScript contexts were not properly sanitized before output, enabling attackers to inject malicious scripts

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

XSS via search/replace section

Skrevet den 3. februar 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

The updraft plus search/replace section was not properly sanitized or escaped to prevent an XSS attack.

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.16.60
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.61
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.62
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.63
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.64
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.65
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.66
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.67
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.68
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.69
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.14
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.17
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.18
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.19
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Multiple instances of reflected/stored XSS resulting from unescaped output in HTML contexts

Skrevet den 3. februar 2026 af i UpdraftPlus: WordPress Backup & Migration Plugin

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Enforce Product Visibility and Access Controls

Skrevet den 3. februar 2026 af i Essential Addons for Elementor

This update introduces additional security checks to ensure proper product visibility and access control within the Quick View feature. It verifies that a product exists and is publicly visible before allowing access, preventing unauthorized or unintended exposure. For non-admin users, the post status is also validated to ensure only appropriate content can be viewed, further strengthening access restrictions and overall security.

This vulnerability affects the following application versions:

Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27
Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3
Essential Addons for Elementor 6.0.4
Essential Addons for Elementor 6.0.5
Essential Addons for Elementor 6.0.6
Essential Addons for Elementor 6.0.7
Essential Addons for Elementor 6.0.8
Essential Addons for Elementor 6.0.9
Essential Addons for Elementor 6.0.10
Essential Addons for Elementor 6.0.11
Essential Addons for Elementor 6.0.12
Essential Addons for Elementor 6.0.13
Essential Addons for Elementor 6.0.14
Essential Addons for Elementor 6.0.15
Essential Addons for Elementor 6.1.0
Essential Addons for Elementor 6.1.1
Essential Addons for Elementor 6.1.2
Essential Addons for Elementor 6.1.3
Essential Addons for Elementor 6.1.4
Essential Addons for Elementor 6.1.5
Essential Addons for Elementor 6.1.6
Essential Addons for Elementor 6.1.7
Essential Addons for Elementor 6.1.8
Essential Addons for Elementor 6.1.9
Essential Addons for Elementor 6.1.10
Essential Addons for Elementor 6.1.11
Essential Addons for Elementor 6.1.12
Essential Addons for Elementor 6.1.13
Essential Addons for Elementor 6.1.14
Essential Addons for Elementor 6.1.15
Essential Addons for Elementor 6.1.17
Essential Addons for Elementor 6.1.18
Essential Addons for Elementor 6.1.19
Essential Addons for Elementor 6.1.20
Essential Addons for Elementor 6.2.0
Essential Addons for Elementor 6.2.1
Essential Addons for Elementor 6.2.2
Essential Addons for Elementor 6.2.3
Essential Addons for Elementor 6.2.4
Essential Addons for Elementor 6.3.0
Essential Addons for Elementor 6.3.1
Essential Addons for Elementor 6.3.2
Essential Addons for Elementor 6.3.3
Essential Addons for Elementor 6.4.0
Essential Addons for Elementor 6.5.0
Essential Addons for Elementor 6.5.1
Essential Addons for Elementor 6.5.2
Essential Addons for Elementor 6.5.3
Essential Addons for Elementor 6.5.4
Essential Addons for Elementor 6.5.5

Store API Guest Order Data Exposure

Skrevet den 3. februar 2026 af i WooCommerce

A critical vulnerability was discovered in WooCommerce (versions 8.1 to 10.4.2) that, if exploited, could allow logged-in customers to access order details belonging to guest customers. This vulnerability affected the WooCommerce Store API and has the potential to expose customer order information. We currently have no evidence of the vulnerability being used or exploited outside of our own security testing progra

This vulnerability affects the following application versions:

WooCommerce 10.0.0
WooCommerce 10.0.0-rc.1
WooCommerce 10.0.0-rc.2
WooCommerce 10.0.1
WooCommerce 10.0.2
WooCommerce 10.0.3
WooCommerce 10.0.4
WooCommerce 10.1.0
WooCommerce 10.1.0-rc.1
WooCommerce 10.1.0-rc.2
WooCommerce 10.1.0-rc.3
WooCommerce 10.1.0-rc.4
WooCommerce 10.1.1
WooCommerce 10.1.2
WooCommerce 10.2.0
WooCommerce 10.2.0-beta.1
WooCommerce 10.2.0-beta.2
WooCommerce 10.2.0-rc.1
WooCommerce 10.2.1
WooCommerce 10.2.2
WooCommerce 10.3.0
WooCommerce 10.3.0-beta.1
WooCommerce 10.3.0-beta.2
WooCommerce 10.3.0-rc.1
WooCommerce 10.3.0-rc.2
WooCommerce 10.3.1
WooCommerce 10.3.2
WooCommerce 10.3.3
WooCommerce 10.3.4
WooCommerce 10.3.5
WooCommerce 10.3.6
WooCommerce 10.4.0
WooCommerce 10.4.0-beta.1
WooCommerce 10.4.0-beta.2
WooCommerce 10.4.0-rc.1
WooCommerce 10.4.1
WooCommerce 10.4.2
WooCommerce 8.6.0
WooCommerce 8.6.0-rc.1
WooCommerce 8.6.1
WooCommerce 8.6.2
WooCommerce 8.7.0
WooCommerce 8.7.0-beta.1
WooCommerce 8.7.0-beta.2
WooCommerce 8.7.0-rc.1
WooCommerce 8.7.1
WooCommerce 8.8.0
WooCommerce 8.8.0-beta.1
WooCommerce 8.8.0-rc.1
WooCommerce 8.8.1
WooCommerce 8.8.2
WooCommerce 8.8.3
WooCommerce 8.8.4
WooCommerce 8.8.5
WooCommerce 8.9.0
WooCommerce 8.9.0-beta.1
WooCommerce 8.9.0-rc.1
WooCommerce 8.9.1
WooCommerce 8.9.2
WooCommerce 8.9.3
WooCommerce 9.0.0
WooCommerce 9.0.0-beta.1
WooCommerce 9.0.0-beta.2
WooCommerce 9.0.0-rc.1
WooCommerce 9.0.1
WooCommerce 9.0.2
WooCommerce 9.1.0
WooCommerce 9.1.0-beta.1
WooCommerce 9.1.0-rc.1
WooCommerce 9.1.1
WooCommerce 9.1.2
WooCommerce 9.1.3
WooCommerce 9.1.4
WooCommerce 9.2.0
WooCommerce 9.2.0-beta.1
WooCommerce 9.2.0-rc.1
WooCommerce 9.2.1
WooCommerce 9.2.2
WooCommerce 9.2.3
WooCommerce 9.3.0
WooCommerce 9.3.0-beta.1
WooCommerce 9.3.0-rc.1
WooCommerce 9.3.1
WooCommerce 9.3.2
WooCommerce 9.3.3
WooCommerce 9.3.4
WooCommerce 9.4.0
WooCommerce 9.4.0-beta.1
WooCommerce 9.4.0-beta.2
WooCommerce 9.4.0-rc.1
WooCommerce 9.4.0-rc.2
WooCommerce 9.4.0-rc.3
WooCommerce 9.4.0-rc.4
WooCommerce 9.4.1
WooCommerce 9.4.2
WooCommerce 9.4.3
WooCommerce 9.5.0
WooCommerce 9.5.0-beta.1
WooCommerce 9.5.0-beta.2
WooCommerce 9.5.0-rc.1
WooCommerce 9.5.1
WooCommerce 9.5.2
WooCommerce 9.6.0
WooCommerce 9.6.0-beta.1
WooCommerce 9.6.0-beta.2
WooCommerce 9.6.0-rc.1
WooCommerce 9.6.1
WooCommerce 9.6.2
WooCommerce 9.7.0
WooCommerce 9.7.0-beta.1
WooCommerce 9.7.0-rc.1
WooCommerce 9.7.1
WooCommerce 9.8.0
WooCommerce 9.8.0-beta.1
WooCommerce 9.8.0-rc.1
WooCommerce 9.8.1
WooCommerce 9.8.2
WooCommerce 9.8.3
WooCommerce 9.8.4
WooCommerce 9.8.5
WooCommerce 9.9.0
WooCommerce 9.9.0-beta.1
WooCommerce 9.9.0-rc.1
WooCommerce 9.9.1
WooCommerce 9.9.2
WooCommerce 9.9.3
WooCommerce 9.9.4
WooCommerce 9.9.5
WooCommerce trunk-snapshot

HTML injection in post titles

Skrevet den 3. februar 2026 af i Advanced Custom Fields (ACF)

The plugin is vulnerable to HTML Injection due to the plugin nor properly neutralizing unsafe HTML. This makes it possible for authenticated attackers, with administrator-level access and above, to inject potentially malicious HTML.

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 5.7.3
Advanced Custom Fields (ACF) 5.7.4
Advanced Custom Fields (ACF) 5.7.5
Advanced Custom Fields (ACF) 5.7.6
Advanced Custom Fields (ACF) 5.7.7
Advanced Custom Fields (ACF) 5.7.8
Advanced Custom Fields (ACF) 5.7.9
Advanced Custom Fields (ACF) 5.7.10
Advanced Custom Fields (ACF) 5.7.12
Advanced Custom Fields (ACF) 5.7.13
Advanced Custom Fields (ACF) 5.8.0
Advanced Custom Fields (ACF) 5.8.1
Advanced Custom Fields (ACF) 5.8.2
Advanced Custom Fields (ACF) 5.8.3
Advanced Custom Fields (ACF) 5.8.4
Advanced Custom Fields (ACF) 5.8.5
Advanced Custom Fields (ACF) 5.8.6
Advanced Custom Fields (ACF) 5.8.7
Advanced Custom Fields (ACF) 5.8.8
Advanced Custom Fields (ACF) 5.8.9
Advanced Custom Fields (ACF) 5.8.10
Advanced Custom Fields (ACF) 5.8.11
Advanced Custom Fields (ACF) 5.8.12
Advanced Custom Fields (ACF) 5.8.13
Advanced Custom Fields (ACF) 5.8.14
Advanced Custom Fields (ACF) 5.9.0
Advanced Custom Fields (ACF) 5.9.1
Advanced Custom Fields (ACF) 5.9.2
Advanced Custom Fields (ACF) 5.9.3
Advanced Custom Fields (ACF) 5.9.4
Advanced Custom Fields (ACF) 5.9.5
Advanced Custom Fields (ACF) 5.9.6
Advanced Custom Fields (ACF) 5.9.7
Advanced Custom Fields (ACF) 5.9.8
Advanced Custom Fields (ACF) 5.9.9
Advanced Custom Fields (ACF) 5.10
Advanced Custom Fields (ACF) 5.10.1
Advanced Custom Fields (ACF) 5.10.2
Advanced Custom Fields (ACF) 5.11
Advanced Custom Fields (ACF) 5.11.1
Advanced Custom Fields (ACF) 5.11.2
Advanced Custom Fields (ACF) 5.11.3
Advanced Custom Fields (ACF) 5.11.4
Advanced Custom Fields (ACF) 5.12
Advanced Custom Fields (ACF) 5.12.1
Advanced Custom Fields (ACF) 5.12.2
Advanced Custom Fields (ACF) 5.12.3
Advanced Custom Fields (ACF) 5.12.4
Advanced Custom Fields (ACF) 5.12.5
Advanced Custom Fields (ACF) 5.12.6
Advanced Custom Fields (ACF) 6.0.0
Advanced Custom Fields (ACF) 6.0.1
Advanced Custom Fields (ACF) 6.0.2
Advanced Custom Fields (ACF) 6.0.3
Advanced Custom Fields (ACF) 6.0.4
Advanced Custom Fields (ACF) 6.0.5
Advanced Custom Fields (ACF) 6.0.6
Advanced Custom Fields (ACF) 6.0.7
Advanced Custom Fields (ACF) 6.1.0
Advanced Custom Fields (ACF) 6.1.1
Advanced Custom Fields (ACF) 6.1.2
Advanced Custom Fields (ACF) 6.1.3
Advanced Custom Fields (ACF) 6.1.4
Advanced Custom Fields (ACF) 6.1.5
Advanced Custom Fields (ACF) 6.1.6
Advanced Custom Fields (ACF) 6.1.7
Advanced Custom Fields (ACF) 6.1.8
Advanced Custom Fields (ACF) 6.2.0
Advanced Custom Fields (ACF) 6.2.1
Advanced Custom Fields (ACF) 6.2.2
Advanced Custom Fields (ACF) 6.2.3
Advanced Custom Fields (ACF) 6.2.4
Advanced Custom Fields (ACF) 6.2.5
Advanced Custom Fields (ACF) 6.2.6
Advanced Custom Fields (ACF) 6.2.6.1
Advanced Custom Fields (ACF) 6.2.7
Advanced Custom Fields (ACF) 6.2.8
Advanced Custom Fields (ACF) 6.2.9
Advanced Custom Fields (ACF) 6.3.0
Advanced Custom Fields (ACF) 6.3.1
Advanced Custom Fields (ACF) 6.3.2
Advanced Custom Fields (ACF) 6.3.3
Advanced Custom Fields (ACF) 6.3.4
Advanced Custom Fields (ACF) 6.3.5
Advanced Custom Fields (ACF) 6.3.6
Advanced Custom Fields (ACF) 6.3.6.1
Advanced Custom Fields (ACF) 6.3.6.2
Advanced Custom Fields (ACF) 6.3.6.3
Advanced Custom Fields (ACF) 6.3.9
Advanced Custom Fields (ACF) 6.3.10.2
Advanced Custom Fields (ACF) 6.3.11
Advanced Custom Fields (ACF) 6.3.12
Advanced Custom Fields (ACF) 6.4.0
Advanced Custom Fields (ACF) 6.4.0.1
Advanced Custom Fields (ACF) 6.4.1
Advanced Custom Fields (ACF) 6.4.2

Code security enforcement in site navigation module

Skrevet den 27. januar 2026 af i Elementor Website Builder

Code security enforcement in site navigation module for add-new-post and duplicate-post endpoints

This vulnerability affects the following application versions:

Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.25.11
Elementor Website Builder 3.26.0
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-beta4
Elementor Website Builder 3.26.0-beta5
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3
Elementor Website Builder 3.26.0-dev4
Elementor Website Builder 3.26.0-dev5
Elementor Website Builder 3.26.1
Elementor Website Builder 3.26.2
Elementor Website Builder 3.26.3
Elementor Website Builder 3.26.4
Elementor Website Builder 3.26.5
Elementor Website Builder 3.27.0
Elementor Website Builder 3.27.0-beta1
Elementor Website Builder 3.27.0-beta2
Elementor Website Builder 3.27.0-dev1
Elementor Website Builder 3.27.0-dev2
Elementor Website Builder 3.27.1
Elementor Website Builder 3.27.2
Elementor Website Builder 3.27.3
Elementor Website Builder 3.27.4
Elementor Website Builder 3.27.5
Elementor Website Builder 3.27.6
Elementor Website Builder 3.27.7
Elementor Website Builder 3.28.0
Elementor Website Builder 3.28.0-beta1
Elementor Website Builder 3.28.0-beta2
Elementor Website Builder 3.28.0-beta3
Elementor Website Builder 3.28.0-dev1
Elementor Website Builder 3.28.0-dev2
Elementor Website Builder 3.28.0-dev3
Elementor Website Builder 3.28.1
Elementor Website Builder 3.28.2
Elementor Website Builder 3.28.3
Elementor Website Builder 3.28.4
Elementor Website Builder 3.29.0
Elementor Website Builder 3.29.0-beta1
Elementor Website Builder 3.29.0-beta2
Elementor Website Builder 3.29.0-beta3
Elementor Website Builder 3.29.0-beta4
Elementor Website Builder 3.29.0-dev1
Elementor Website Builder 3.29.0-dev2
Elementor Website Builder 3.29.0-dev3
Elementor Website Builder 3.29.0-dev4
Elementor Website Builder 3.29.1
Elementor Website Builder 3.29.2
Elementor Website Builder 3.30.0
Elementor Website Builder 3.30.0-beta1
Elementor Website Builder 3.30.0-beta2
Elementor Website Builder 3.30.0-beta3
Elementor Website Builder 3.30.0-dev1
Elementor Website Builder 3.30.0-dev2
Elementor Website Builder 3.30.0-dev3
Elementor Website Builder 3.30.1
Elementor Website Builder 3.30.2
Elementor Website Builder 3.30.3
Elementor Website Builder 3.30.4
Elementor Website Builder 3.31.0
Elementor Website Builder 3.31.0-beta1
Elementor Website Builder 3.31.0-beta2
Elementor Website Builder 3.31.0-dev1
Elementor Website Builder 3.31.0-dev2
Elementor Website Builder 3.31.1
Elementor Website Builder 3.31.2
Elementor Website Builder 3.31.3
Elementor Website Builder 3.31.4
Elementor Website Builder 3.31.5
Elementor Website Builder 3.32.0
Elementor Website Builder 3.32.0-beta1
Elementor Website Builder 3.32.0-beta2
Elementor Website Builder 3.32.0-beta3
Elementor Website Builder 3.32.0-dev1
Elementor Website Builder 3.32.0-dev2
Elementor Website Builder 3.32.0-dev3
Elementor Website Builder 3.32.1
Elementor Website Builder 3.32.2
Elementor Website Builder 3.32.3
Elementor Website Builder 3.32.4
Elementor Website Builder 3.32.5
Elementor Website Builder 3.33.0
Elementor Website Builder 3.33.0-beta1
Elementor Website Builder 3.33.0-beta2
Elementor Website Builder 3.33.0-beta3
Elementor Website Builder 3.33.0-beta4
Elementor Website Builder 3.33.0-dev1
Elementor Website Builder 3.33.0-dev2
Elementor Website Builder 3.33.0-dev3
Elementor Website Builder 3.33.0-dev4
Elementor Website Builder 3.33.1
Elementor Website Builder 3.33.2
Elementor Website Builder 3.33.3
Elementor Website Builder 3.33.4
Elementor Website Builder 3.34.0-beta1
Elementor Website Builder 3.34.0-beta2
Elementor Website Builder 3.34.0-dev1
Elementor Website Builder 3.34.0-dev2

Fix unauthorized access to post metadata

Skrevet den 27. januar 2026 af i Yoast SEO

Ensures users without the required capabilities cannot read post metadata they are not permitted to access.

This vulnerability affects the following application versions:

Yoast SEO 19.6
Yoast SEO 19.6.1
Yoast SEO 19.7
Yoast SEO 19.7.1
Yoast SEO 19.7.2
Yoast SEO 19.8
Yoast SEO 19.9
Yoast SEO 19.10
Yoast SEO 19.11
Yoast SEO 19.12
Yoast SEO 19.13
Yoast SEO 19.14
Yoast SEO 20.0
Yoast SEO 20.1
Yoast SEO 20.2
Yoast SEO 20.2.1
Yoast SEO 20.3
Yoast SEO 20.4
Yoast SEO 20.5
Yoast SEO 20.6
Yoast SEO 20.7
Yoast SEO 20.8
Yoast SEO 20.9
Yoast SEO 20.10
Yoast SEO 20.11
Yoast SEO 20.12
Yoast SEO 20.13
Yoast SEO 21.0
Yoast SEO 21.1
Yoast SEO 21.2
Yoast SEO 21.3
Yoast SEO 21.4
Yoast SEO 21.5
Yoast SEO 21.6
Yoast SEO 21.7
Yoast SEO 21.8
Yoast SEO 21.8.1
Yoast SEO 21.9
Yoast SEO 21.9.1
Yoast SEO 22.0
Yoast SEO 22.1
Yoast SEO 22.2
Yoast SEO 22.3
Yoast SEO 22.4
Yoast SEO 22.5
Yoast SEO 22.6
Yoast SEO 22.7
Yoast SEO 22.8
Yoast SEO 22.9
Yoast SEO 23.0
Yoast SEO 23.1
Yoast SEO 23.2
Yoast SEO 23.3
Yoast SEO 23.4
Yoast SEO 23.5
Yoast SEO 23.6
Yoast SEO 23.7
Yoast SEO 23.8
Yoast SEO 23.9
Yoast SEO 24.0
Yoast SEO 24.1
Yoast SEO 24.2
Yoast SEO 24.3
Yoast SEO 24.4
Yoast SEO 24.5
Yoast SEO 24.6
Yoast SEO 24.7
Yoast SEO 24.8
Yoast SEO 24.8.1
Yoast SEO 24.9
Yoast SEO 25.0
Yoast SEO 25.1
Yoast SEO 25.2
Yoast SEO 25.3
Yoast SEO 25.3.1
Yoast SEO 25.4
Yoast SEO 25.5
Yoast SEO 25.6
Yoast SEO 25.7
Yoast SEO 25.8
Yoast SEO 25.9
Yoast SEO 26.0
Yoast SEO 26.1
Yoast SEO 26.1.1
Yoast SEO 26.2
Yoast SEO 26.3
Yoast SEO 26.4
Yoast SEO 26.5

Stored cross-site scripting (XSS) in text editor widget

Skrevet den 27. januar 2026 af i Elementor Website Builder

The Elementor Text Editor widget is vulnerable to stored XSS due to insufficient output sanitization. In the render() method, the $editor_content variable is echoed directly without escaping. An authenticated attacker with content editing capabilities could inject malicious JavaScript that executes in the browsers of users viewing the affected page.

This vulnerability affects the following application versions:

Elementor Website Builder 2.8.0
Elementor Website Builder 2.8.0-beta1
Elementor Website Builder 2.8.0-beta2
Elementor Website Builder 2.8.0-beta3
Elementor Website Builder 2.8.0-beta4
Elementor Website Builder 2.8.1
Elementor Website Builder 2.8.2
Elementor Website Builder 2.8.3
Elementor Website Builder 2.8.4
Elementor Website Builder 2.8.5
Elementor Website Builder 2.9.0
Elementor Website Builder 2.9.0-beta1
Elementor Website Builder 2.9.0-beta2
Elementor Website Builder 2.9.0-beta3
Elementor Website Builder 2.9.0-beta4
Elementor Website Builder 2.9.0-beta5
Elementor Website Builder 2.9.1
Elementor Website Builder 2.9.2
Elementor Website Builder 2.9.3
Elementor Website Builder 2.9.4
Elementor Website Builder 2.9.5
Elementor Website Builder 2.9.6
Elementor Website Builder 2.9.7
Elementor Website Builder 2.9.8
Elementor Website Builder 2.9.9
Elementor Website Builder 2.9.10
Elementor Website Builder 2.9.11
Elementor Website Builder 2.9.12
Elementor Website Builder 2.9.13
Elementor Website Builder 2.9.14
Elementor Website Builder 3.0.0
Elementor Website Builder 3.0.0-beta1
Elementor Website Builder 3.0.0-beta2
Elementor Website Builder 3.0.0-beta3
Elementor Website Builder 3.0.0-beta4
Elementor Website Builder 3.0.0-beta5
Elementor Website Builder 3.0.0-beta6
Elementor Website Builder 3.0.1
Elementor Website Builder 3.0.2
Elementor Website Builder 3.0.3
Elementor Website Builder 3.0.4
Elementor Website Builder 3.0.5
Elementor Website Builder 3.0.6
Elementor Website Builder 3.0.7
Elementor Website Builder 3.0.8
Elementor Website Builder 3.0.8.1
Elementor Website Builder 3.0.9
Elementor Website Builder 3.0.10
Elementor Website Builder 3.0.11
Elementor Website Builder 3.0.12
Elementor Website Builder 3.0.13
Elementor Website Builder 3.0.14
Elementor Website Builder 3.0.15
Elementor Website Builder 3.0.16
Elementor Website Builder 3.1.0
Elementor Website Builder 3.1.0-beta1
Elementor Website Builder 3.1.0-beta2
Elementor Website Builder 3.1.0-beta3
Elementor Website Builder 3.1.0-beta4
Elementor Website Builder 3.1.0-dev1
Elementor Website Builder 3.1.0-dev2
Elementor Website Builder 3.1.0-dev3
Elementor Website Builder 3.1.0-dev4
Elementor Website Builder 3.1.1
Elementor Website Builder 3.1.2
Elementor Website Builder 3.1.3
Elementor Website Builder 3.1.4
Elementor Website Builder 3.2.0
Elementor Website Builder 3.2.0-beta1
Elementor Website Builder 3.2.0-beta2
Elementor Website Builder 3.2.0-beta3
Elementor Website Builder 3.2.0-beta4
Elementor Website Builder 3.2.0-dev1
Elementor Website Builder 3.2.0-dev2
Elementor Website Builder 3.2.0-dev3
Elementor Website Builder 3.2.0-dev4
Elementor Website Builder 3.2.0-dev5
Elementor Website Builder 3.2.0-dev6
Elementor Website Builder 3.2.0-dev7
Elementor Website Builder 3.2.0-dev8
Elementor Website Builder 3.2.1
Elementor Website Builder 3.2.2
Elementor Website Builder 3.2.3
Elementor Website Builder 3.2.4
Elementor Website Builder 3.2.5
Elementor Website Builder 3.3.0
Elementor Website Builder 3.3.0-beta1
Elementor Website Builder 3.3.0-beta2
Elementor Website Builder 3.3.0-beta3
Elementor Website Builder 3.3.0-beta4
Elementor Website Builder 3.3.0-beta5
Elementor Website Builder 3.3.0-dev1
Elementor Website Builder 3.3.0-dev2
Elementor Website Builder 3.3.0-dev3
Elementor Website Builder 3.3.0-dev4
Elementor Website Builder 3.3.0-dev5
Elementor Website Builder 3.3.0-dev6
Elementor Website Builder 3.3.0-dev7
Elementor Website Builder 3.3.0-dev8
Elementor Website Builder 3.3.0-dev9
Elementor Website Builder 3.3.0-dev10
Elementor Website Builder 3.3.0-dev11
Elementor Website Builder 3.3.0-dev12
Elementor Website Builder 3.3.0-dev13
Elementor Website Builder 3.3.0-dev14
Elementor Website Builder 3.3.0-dev15
Elementor Website Builder 3.3.1
Elementor Website Builder 3.4.0
Elementor Website Builder 3.4.0-beta1
Elementor Website Builder 3.4.0-beta2
Elementor Website Builder 3.4.0-beta3
Elementor Website Builder 3.4.0-beta4
Elementor Website Builder 3.4.0-beta5
Elementor Website Builder 3.4.0-dev1
Elementor Website Builder 3.4.0-dev2
Elementor Website Builder 3.4.0-dev3
Elementor Website Builder 3.4.0-dev4
Elementor Website Builder 3.4.0-dev5
Elementor Website Builder 3.4.0-dev6
Elementor Website Builder 3.4.0-dev7
Elementor Website Builder 3.4.0-dev8
Elementor Website Builder 3.4.0-dev9
Elementor Website Builder 3.4.0-dev10
Elementor Website Builder 3.4.0-dev11
Elementor Website Builder 3.4.0-dev12
Elementor Website Builder 3.4.0-dev13
Elementor Website Builder 3.4.1
Elementor Website Builder 3.4.2
Elementor Website Builder 3.4.3
Elementor Website Builder 3.4.4
Elementor Website Builder 3.4.5
Elementor Website Builder 3.4.6
Elementor Website Builder 3.4.7
Elementor Website Builder 3.4.8
Elementor Website Builder 3.5.0
Elementor Website Builder 3.5.0-beta1
Elementor Website Builder 3.5.0-beta2
Elementor Website Builder 3.5.0-beta3
Elementor Website Builder 3.5.0-beta4
Elementor Website Builder 3.5.0-beta5
Elementor Website Builder 3.5.0-beta7
Elementor Website Builder 3.5.0-beta8
Elementor Website Builder 3.5.0-dev1
Elementor Website Builder 3.5.0-dev2
Elementor Website Builder 3.5.0-dev3
Elementor Website Builder 3.5.0-dev4
Elementor Website Builder 3.5.0-dev5
Elementor Website Builder 3.5.0-dev6
Elementor Website Builder 3.5.0-dev7
Elementor Website Builder 3.5.0-dev8
Elementor Website Builder 3.5.0-dev9
Elementor Website Builder 3.5.0-dev10
Elementor Website Builder 3.5.0-dev11
Elementor Website Builder 3.5.0-dev12
Elementor Website Builder 3.5.0-dev13
Elementor Website Builder 3.5.0-dev14
Elementor Website Builder 3.5.0-dev15
Elementor Website Builder 3.5.0-dev16
Elementor Website Builder 3.5.0-dev17
Elementor Website Builder 3.5.0-dev18
Elementor Website Builder 3.5.0-dev19
Elementor Website Builder 3.5.0-dev20
Elementor Website Builder 3.5.0-dev21
Elementor Website Builder 3.5.0-dev22
Elementor Website Builder 3.5.0-dev23
Elementor Website Builder 3.5.0-dev24
Elementor Website Builder 3.5.0-dev25
Elementor Website Builder 3.5.0-dev26
Elementor Website Builder 3.5.0-dev27
Elementor Website Builder 3.5.0-dev28
Elementor Website Builder 3.5.0-dev29
Elementor Website Builder 3.5.0-dev30
Elementor Website Builder 3.5.0-dev31
Elementor Website Builder 3.5.0-dev32
Elementor Website Builder 3.5.0-dev33
Elementor Website Builder 3.5.0-dev34
Elementor Website Builder 3.5.0-dev35
Elementor Website Builder 3.5.0-dev36
Elementor Website Builder 3.5.0-dev37
Elementor Website Builder 3.5.0-dev38
Elementor Website Builder 3.5.0-dev39
Elementor Website Builder 3.5.0-dev40
Elementor Website Builder 3.5.0-dev41
Elementor Website Builder 3.5.0-dev42
Elementor Website Builder 3.5.0-dev43
Elementor Website Builder 3.5.0-dev44
Elementor Website Builder 3.5.0-dev45
Elementor Website Builder 3.5.0-dev46
Elementor Website Builder 3.5.0-dev47
Elementor Website Builder 3.5.0-dev48
Elementor Website Builder 3.5.0-dev49
Elementor Website Builder 3.5.0-dev50
Elementor Website Builder 3.5.0-dev51
Elementor Website Builder 3.5.1
Elementor Website Builder 3.5.2
Elementor Website Builder 3.5.3
Elementor Website Builder 3.5.4
Elementor Website Builder 3.5.5
Elementor Website Builder 3.5.6
Elementor Website Builder 3.6.0
Elementor Website Builder 3.6.0-beta1
Elementor Website Builder 3.6.0-beta2
Elementor Website Builder 3.6.0-beta3
Elementor Website Builder 3.6.0-beta4
Elementor Website Builder 3.6.0-beta5
Elementor Website Builder 3.6.0-dev1
Elementor Website Builder 3.6.0-dev2
Elementor Website Builder 3.6.0-dev3
Elementor Website Builder 3.6.0-dev4
Elementor Website Builder 3.6.0-dev5
Elementor Website Builder 3.6.0-dev6
Elementor Website Builder 3.6.0-dev7
Elementor Website Builder 3.6.0-dev8
Elementor Website Builder 3.6.0-dev9
Elementor Website Builder 3.6.0-dev10
Elementor Website Builder 3.6.0-dev11
Elementor Website Builder 3.6.0-dev13
Elementor Website Builder 3.6.0-dev14
Elementor Website Builder 3.6.0-dev16
Elementor Website Builder 3.6.0-dev17
Elementor Website Builder 3.6.0-dev18
Elementor Website Builder 3.6.0-dev19
Elementor Website Builder 3.6.0-dev20
Elementor Website Builder 3.6.0-dev21
Elementor Website Builder 3.6.0-dev22
Elementor Website Builder 3.6.0-dev24
Elementor Website Builder 3.6.0-dev25
Elementor Website Builder 3.6.0-dev26
Elementor Website Builder 3.6.0-dev27
Elementor Website Builder 3.6.0-dev28
Elementor Website Builder 3.6.0-dev29
Elementor Website Builder 3.6.0-dev30
Elementor Website Builder 3.6.0-dev31
Elementor Website Builder 3.6.0-dev32
Elementor Website Builder 3.6.0-dev33
Elementor Website Builder 3.6.0-dev34
Elementor Website Builder 3.6.0-dev35
Elementor Website Builder 3.6.0-dev36
Elementor Website Builder 3.6.0-dev37
Elementor Website Builder 3.6.0-dev38
Elementor Website Builder 3.6.0-dev39
Elementor Website Builder 3.6.0-dev40
Elementor Website Builder 3.6.0-dev41
Elementor Website Builder 3.6.0-dev42
Elementor Website Builder 3.6.0-dev43
Elementor Website Builder 3.6.0-dev44
Elementor Website Builder 3.6.0-dev45
Elementor Website Builder 3.6.1
Elementor Website Builder 3.6.2
Elementor Website Builder 3.6.3
Elementor Website Builder 3.6.4
Elementor Website Builder 3.6.5
Elementor Website Builder 3.6.6
Elementor Website Builder 3.6.7
Elementor Website Builder 3.6.8
Elementor Website Builder 3.7.0
Elementor Website Builder 3.7.0-beta1
Elementor Website Builder 3.7.0-beta2
Elementor Website Builder 3.7.0-beta3
Elementor Website Builder 3.7.0-beta4
Elementor Website Builder 3.7.0-dev1
Elementor Website Builder 3.7.0-dev2
Elementor Website Builder 3.7.0-dev3
Elementor Website Builder 3.7.0-dev4
Elementor Website Builder 3.7.0-dev5
Elementor Website Builder 3.7.0-dev6
Elementor Website Builder 3.7.0-dev7
Elementor Website Builder 3.7.0-dev8
Elementor Website Builder 3.7.0-dev9
Elementor Website Builder 3.7.0-dev10
Elementor Website Builder 3.7.1
Elementor Website Builder 3.7.2
Elementor Website Builder 3.7.3
Elementor Website Builder 3.7.4
Elementor Website Builder 3.7.5
Elementor Website Builder 3.7.6
Elementor Website Builder 3.7.7
Elementor Website Builder 3.7.8
Elementor Website Builder 3.8.0
Elementor Website Builder 3.8.0-beta1
Elementor Website Builder 3.8.0-beta2
Elementor Website Builder 3.8.0-beta3
Elementor Website Builder 3.8.0-beta4
Elementor Website Builder 3.8.0-beta5
Elementor Website Builder 3.8.0-beta6
Elementor Website Builder 3.8.0-dev1
Elementor Website Builder 3.8.0-dev2
Elementor Website Builder 3.8.0-dev3
Elementor Website Builder 3.8.0-dev4
Elementor Website Builder 3.8.1
Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev1
Elementor Website Builder 3.9.0-dev2
Elementor Website Builder 3.9.0-dev3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.25.11
Elementor Website Builder 3.26.0
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-beta4
Elementor Website Builder 3.26.0-beta5
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3
Elementor Website Builder 3.26.0-dev4
Elementor Website Builder 3.26.0-dev5
Elementor Website Builder 3.26.1
Elementor Website Builder 3.26.2
Elementor Website Builder 3.26.3
Elementor Website Builder 3.26.4
Elementor Website Builder 3.26.5
Elementor Website Builder 3.27.0
Elementor Website Builder 3.27.0-beta1
Elementor Website Builder 3.27.0-beta2
Elementor Website Builder 3.27.0-dev1
Elementor Website Builder 3.27.0-dev2
Elementor Website Builder 3.27.1
Elementor Website Builder 3.27.2
Elementor Website Builder 3.27.3
Elementor Website Builder 3.27.4
Elementor Website Builder 3.27.5
Elementor Website Builder 3.27.6
Elementor Website Builder 3.27.7
Elementor Website Builder 3.28.0
Elementor Website Builder 3.28.0-beta1
Elementor Website Builder 3.28.0-beta2
Elementor Website Builder 3.28.0-beta3
Elementor Website Builder 3.28.0-dev1
Elementor Website Builder 3.28.0-dev2
Elementor Website Builder 3.28.0-dev3
Elementor Website Builder 3.28.1
Elementor Website Builder 3.28.2
Elementor Website Builder 3.28.3
Elementor Website Builder 3.28.4
Elementor Website Builder 3.29.0
Elementor Website Builder 3.29.0-beta1
Elementor Website Builder 3.29.0-beta2
Elementor Website Builder 3.29.0-beta3
Elementor Website Builder 3.29.0-beta4
Elementor Website Builder 3.29.0-dev1
Elementor Website Builder 3.29.0-dev2
Elementor Website Builder 3.29.0-dev3
Elementor Website Builder 3.29.0-dev4
Elementor Website Builder 3.29.1
Elementor Website Builder 3.29.2
Elementor Website Builder 3.30.0
Elementor Website Builder 3.30.0-beta1
Elementor Website Builder 3.30.0-beta2
Elementor Website Builder 3.30.0-beta3
Elementor Website Builder 3.30.0-dev1
Elementor Website Builder 3.30.0-dev2
Elementor Website Builder 3.30.0-dev3
Elementor Website Builder 3.30.1
Elementor Website Builder 3.30.2
Elementor Website Builder 3.30.3
Elementor Website Builder 3.30.4
Elementor Website Builder 3.31.0
Elementor Website Builder 3.31.0-beta1
Elementor Website Builder 3.31.0-beta2
Elementor Website Builder 3.31.0-dev1
Elementor Website Builder 3.31.0-dev2
Elementor Website Builder 3.31.1
Elementor Website Builder 3.31.2
Elementor Website Builder 3.31.3
Elementor Website Builder 3.31.4
Elementor Website Builder 3.31.5
Elementor Website Builder 3.32.0
Elementor Website Builder 3.32.0-beta1
Elementor Website Builder 3.32.0-beta2
Elementor Website Builder 3.32.0-beta3
Elementor Website Builder 3.32.0-dev1
Elementor Website Builder 3.32.0-dev2
Elementor Website Builder 3.32.0-dev3
Elementor Website Builder 3.32.1
Elementor Website Builder 3.32.2
Elementor Website Builder 3.32.3
Elementor Website Builder 3.32.4
Elementor Website Builder 3.32.5
Elementor Website Builder 3.33.0
Elementor Website Builder 3.33.0-beta1
Elementor Website Builder 3.33.0-beta2
Elementor Website Builder 3.33.0-beta3
Elementor Website Builder 3.33.0-beta4
Elementor Website Builder 3.33.0-dev1
Elementor Website Builder 3.33.0-dev2
Elementor Website Builder 3.33.0-dev3
Elementor Website Builder 3.33.0-dev4
Elementor Website Builder 3.33.1
Elementor Website Builder 3.33.2
Elementor Website Builder 3.33.3
Elementor Website Builder 3.33.4

Stored XSS vulnerability in shortcode

Skrevet den 27. januar 2026 af i Cookie Notice & Compliance for GDPR / CCPA

Stored XSS vulnerability in [cookies_accepted] shortcode via HTML

This vulnerability affects the following application versions:

Cookie Notice & Compliance for GDPR / CCPA 2.0.0
Cookie Notice & Compliance for GDPR / CCPA 2.0.1
Cookie Notice & Compliance for GDPR / CCPA 2.0.2
Cookie Notice & Compliance for GDPR / CCPA 2.0.3
Cookie Notice & Compliance for GDPR / CCPA 2.0.4
Cookie Notice & Compliance for GDPR / CCPA 2.1.0
Cookie Notice & Compliance for GDPR / CCPA 2.1.1
Cookie Notice & Compliance for GDPR / CCPA 2.1.2
Cookie Notice & Compliance for GDPR / CCPA 2.1.3
Cookie Notice & Compliance for GDPR / CCPA 2.1.4
Cookie Notice & Compliance for GDPR / CCPA 2.1.5
Cookie Notice & Compliance for GDPR / CCPA 2.2.0
Cookie Notice & Compliance for GDPR / CCPA 2.2.1
Cookie Notice & Compliance for GDPR / CCPA 2.2.2
Cookie Notice & Compliance for GDPR / CCPA 2.2.3
Cookie Notice & Compliance for GDPR / CCPA 2.3.0
Cookie Notice & Compliance for GDPR / CCPA 2.3.1
Cookie Notice & Compliance for GDPR / CCPA 2.4.0
Cookie Notice & Compliance for GDPR / CCPA 2.4.1
Cookie Notice & Compliance for GDPR / CCPA 2.4.2
Cookie Notice & Compliance for GDPR / CCPA 2.4.3
Cookie Notice & Compliance for GDPR / CCPA 2.4.4
Cookie Notice & Compliance for GDPR / CCPA 2.4.5
Cookie Notice & Compliance for GDPR / CCPA 2.4.6
Cookie Notice & Compliance for GDPR / CCPA 2.4.7
Cookie Notice & Compliance for GDPR / CCPA 2.4.8
Cookie Notice & Compliance for GDPR / CCPA 2.4.9
Cookie Notice & Compliance for GDPR / CCPA 2.4.10
Cookie Notice & Compliance for GDPR / CCPA 2.4.11
Cookie Notice & Compliance for GDPR / CCPA 2.4.11.1
Cookie Notice & Compliance for GDPR / CCPA 2.4.13
Cookie Notice & Compliance for GDPR / CCPA 2.4.14
Cookie Notice & Compliance for GDPR / CCPA 2.4.15
Cookie Notice & Compliance for GDPR / CCPA 2.4.16
Cookie Notice & Compliance for GDPR / CCPA 2.4.17
Cookie Notice & Compliance for GDPR / CCPA 2.4.17.1
Cookie Notice & Compliance for GDPR / CCPA 2.4.18
Cookie Notice & Compliance for GDPR / CCPA 2.5.0
Cookie Notice & Compliance for GDPR / CCPA 2.5.0.1
Cookie Notice & Compliance for GDPR / CCPA 2.5.1
Cookie Notice & Compliance for GDPR / CCPA 2.5.2
Cookie Notice & Compliance for GDPR / CCPA 2.5.3
Cookie Notice & Compliance for GDPR / CCPA 2.5.4
Cookie Notice & Compliance for GDPR / CCPA 2.5.5
Cookie Notice & Compliance for GDPR / CCPA 2.5.6
Cookie Notice & Compliance for GDPR / CCPA 2.5.7
Cookie Notice & Compliance for GDPR / CCPA 2.5.8

Improper sanitization of file upload data

Skrevet den 27. januar 2026 af i All-in-One WP Migration and Backup

The All-in-One WP Migration plugin incorrectly applies stripslashes_deep() to the $_FILES superglobal. This function is designed for string data like $_POST or $_GET, not for file upload metadata. Applying it to $_FILES can corrupt file paths or names, potentially leading to path traversal or unexpected file handling behavior.

This vulnerability affects the following application versions:

All-in-One WP Migration and Backup 7.98

[20260102] – XSS vectors in the pagebreak and pagenavigation plugins

Skrevet den 9. januar 2026 af i Joomla

Lack of output escaping leads to a XSS vector in the pagebreak and pagenavigation plugins.

This vulnerability affects the following application versions:

Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5
Joomla 3.9.6
Joomla 3.9.7
Joomla 3.9.8
Joomla 3.9.9
Joomla 3.9.10
Joomla 3.9.11
Joomla 3.9.12
Joomla 3.9.13
Joomla 3.9.14
Joomla 3.9.15
Joomla 3.9.16
Joomla 3.9.17
Joomla 3.9.18
Joomla 3.9.19
Joomla 3.9.20
Joomla 3.9.21
Joomla 3.9.22
Joomla 3.9.23
Joomla 3.9.24
Joomla 3.9.25
Joomla 3.9.26
Joomla 3.9.27
Joomla 3.9.28
Joomla 3.10.0
Joomla 3.10.1
Joomla 3.10.2
Joomla 3.10.3
Joomla 3.10.4
Joomla 3.10.5
Joomla 3.10.6
Joomla 3.10.7
Joomla 3.10.8
Joomla 3.10.9
Joomla 3.10.10
Joomla 3.10.11
Joomla 3.10.12
Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 4.4.13
Joomla 4.4.14
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5
Joomla 5.2.6
Joomla 5.3.0
Joomla 5.3.1
Joomla 5.3.2
Joomla 5.3.3
Joomla 5.3.4
Joomla 5.4.0
Joomla 5.4.1
Joomla 6.0.0
Joomla 6.0.1

[20260101] – Inadequate content filtering for data URLs

Skrevet den 9. januar 2026 af i Joomla

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.

This vulnerability affects the following application versions:

Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 4.4.13
Joomla 4.4.14
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5
Joomla 5.2.6
Joomla 5.3.0
Joomla 5.3.1
Joomla 5.3.2
Joomla 5.3.3
Joomla 5.3.4
Joomla 5.4.0
Joomla 5.4.1
Joomla 6.0.0
Joomla 6.0.1

Missing Authorization in floating buttons module

Skrevet den 6. januar 2026 af i Elementor Website Builder

Due to an incorrect or missing capability check in one of the plugin’s functions, authenticated users with minimal privileges (e.g., Contributor level or higher) can perform actions they should not be authorized to execute. These unauthorized actions may allow modification of site data or manipulation of plugin behavior beyond intended access controls.

This vulnerability affects the following application versions:

Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.25.11
Elementor Website Builder 3.26.0
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-beta4
Elementor Website Builder 3.26.0-beta5
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3
Elementor Website Builder 3.26.0-dev4
Elementor Website Builder 3.26.0-dev5
Elementor Website Builder 3.26.1
Elementor Website Builder 3.26.2
Elementor Website Builder 3.26.3
Elementor Website Builder 3.26.4
Elementor Website Builder 3.26.5
Elementor Website Builder 3.27.0
Elementor Website Builder 3.27.0-beta1
Elementor Website Builder 3.27.0-beta2
Elementor Website Builder 3.27.0-dev1
Elementor Website Builder 3.27.0-dev2
Elementor Website Builder 3.27.1
Elementor Website Builder 3.27.2
Elementor Website Builder 3.27.3
Elementor Website Builder 3.27.4
Elementor Website Builder 3.27.5
Elementor Website Builder 3.27.6
Elementor Website Builder 3.27.7
Elementor Website Builder 3.28.0
Elementor Website Builder 3.28.0-beta1
Elementor Website Builder 3.28.0-beta2
Elementor Website Builder 3.28.0-beta3
Elementor Website Builder 3.28.0-dev1
Elementor Website Builder 3.28.0-dev2
Elementor Website Builder 3.28.0-dev3
Elementor Website Builder 3.28.1
Elementor Website Builder 3.28.2
Elementor Website Builder 3.28.3
Elementor Website Builder 3.28.4
Elementor Website Builder 3.29.0
Elementor Website Builder 3.29.0-beta1
Elementor Website Builder 3.29.0-beta2
Elementor Website Builder 3.29.0-beta3
Elementor Website Builder 3.29.0-beta4
Elementor Website Builder 3.29.0-dev1
Elementor Website Builder 3.29.0-dev2
Elementor Website Builder 3.29.0-dev3
Elementor Website Builder 3.29.0-dev4
Elementor Website Builder 3.29.1
Elementor Website Builder 3.29.2
Elementor Website Builder 3.30.0
Elementor Website Builder 3.30.0-beta1
Elementor Website Builder 3.30.0-beta2
Elementor Website Builder 3.30.0-beta3
Elementor Website Builder 3.30.0-dev1
Elementor Website Builder 3.30.0-dev2
Elementor Website Builder 3.30.0-dev3
Elementor Website Builder 3.30.1
Elementor Website Builder 3.30.2
Elementor Website Builder 3.30.3
Elementor Website Builder 3.30.4
Elementor Website Builder 3.31.0
Elementor Website Builder 3.31.0-beta1
Elementor Website Builder 3.31.0-beta2
Elementor Website Builder 3.31.0-dev1
Elementor Website Builder 3.31.0-dev2
Elementor Website Builder 3.31.1
Elementor Website Builder 3.31.2
Elementor Website Builder 3.31.3
Elementor Website Builder 3.31.4
Elementor Website Builder 3.31.5
Elementor Website Builder 3.32.0
Elementor Website Builder 3.32.0-beta1
Elementor Website Builder 3.32.0-beta2
Elementor Website Builder 3.32.0-beta3
Elementor Website Builder 3.32.0-dev1
Elementor Website Builder 3.32.0-dev2
Elementor Website Builder 3.32.0-dev3
Elementor Website Builder 3.32.1
Elementor Website Builder 3.32.2
Elementor Website Builder 3.32.3
Elementor Website Builder 3.32.4
Elementor Website Builder 3.32.5
Elementor Website Builder 3.33.0
Elementor Website Builder 3.33.0-beta1
Elementor Website Builder 3.33.0-beta2
Elementor Website Builder 3.33.0-beta3
Elementor Website Builder 3.33.0-beta4
Elementor Website Builder 3.33.0-dev1
Elementor Website Builder 3.33.0-dev2
Elementor Website Builder 3.33.0-dev3
Elementor Website Builder 3.33.0-dev4

Unsafe inline file preview allowing execution of untrusted file types

Skrevet den 6. januar 2026 af i Jetpack

Inline file previews were not restricted to safe MIME types, allowing potentially unsafe file formats to be rendered in the browser instead of being downloaded.

This vulnerability affects the following application versions:

Jetpack 14.6
Jetpack 14.6-a.7
Jetpack 14.6-a.9
Jetpack 14.6-beta
Jetpack 14.7
Jetpack 14.7-a.1
Jetpack 14.7-a.3
Jetpack 14.7-a.5
Jetpack 14.7-a.7
Jetpack 14.7-beta
Jetpack 14.8
Jetpack 14.8.1-vip.1
Jetpack 14.8-a.1
Jetpack 14.8-a.3
Jetpack 14.8-a.5
Jetpack 14.8-a.7
Jetpack 14.8-a.9
Jetpack 14.8-beta
Jetpack 14.9
Jetpack 14.9.1
Jetpack 14.9-a.1
Jetpack 14.9-a.3
Jetpack 14.9-a.5
Jetpack 14.9-a.7
Jetpack 14.9-beta
Jetpack 15.0
Jetpack 15.0.1
Jetpack 15.0.2
Jetpack 15.0-a.1
Jetpack 15.0-a.3
Jetpack 15.0-a.5
Jetpack 15.0-a.7
Jetpack 15.0-beta
Jetpack 15.0-beta.2
Jetpack 15.0-beta.3
Jetpack 15.1
Jetpack 15.1.1
Jetpack 15.1-a.1
Jetpack 15.1-a.11
Jetpack 15.1-a.3
Jetpack 15.1-a.5
Jetpack 15.1-a.7
Jetpack 15.1-a.9
Jetpack 15.1-beta
Jetpack 15.1-beta.2
Jetpack 15.2
Jetpack 15.2-a.1
Jetpack 15.2-a.3
Jetpack 15.2-a.5
Jetpack 15.2-a.7
Jetpack 15.2-beta
Jetpack 15.3-a.1
Jetpack 15.3-a.3
Jetpack 15.3-a.5
Jetpack 15.3-a.7
Jetpack 15.3-a.9
Jetpack 15.3-beta

Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion

Skrevet den 6. januar 2026 af i All in One SEO Pack

Plugin is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check. This is due to the REST API endpoint `/wp-json/aioseo/v1/ai/image-generator` only verifying that users have the `edit_posts` capability (Contributors and above) without checking if they own or have permission to delete the specific media attachments.

This vulnerability affects the following application versions:

All in One SEO Pack 4.8.8
All in One SEO Pack 4.8.9

Improper access control in admin invoice controllers

Skrevet den 23. december 2025 af i Magento

Several admin invoice controllers lacked explicit ACL (Access Control List) resource definitions, potentially allowing admin users with insufficient privileges to perform invoice operations (create, cancel, capture, void) outside their authorized scope.

This vulnerability affects the following application versions:

Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2

Cms page design fields ACL bypass via grid inline editor

Skrevet den 23. december 2025 af i Magento

Users with limited CMS editing permissions could modify page design settings (layout, theme) through the admin grid’s inline editing feature, even when their role explicitly denied access to design fields.

This vulnerability affects the following application versions:

Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.8-beta1

Authenticated arbitrary file/directory deletion in elementor template import

Skrevet den 9. december 2025 af i Elementor Website Builder

An authenticated attacker with template import privileges could delete arbitrary files or directories on the server by manipulating the file path during template import cleanup. The fix adds path validation to ensure only files within the temporary upload directory can be deleted.

This vulnerability affects the following application versions:

Elementor Website Builder 3.5.0
Elementor Website Builder 3.5.0-beta1
Elementor Website Builder 3.5.0-beta2
Elementor Website Builder 3.5.0-beta3
Elementor Website Builder 3.5.0-beta4
Elementor Website Builder 3.5.0-beta5
Elementor Website Builder 3.5.0-beta7
Elementor Website Builder 3.5.0-beta8
Elementor Website Builder 3.5.0-dev50
Elementor Website Builder 3.5.0-dev51
Elementor Website Builder 3.5.1
Elementor Website Builder 3.5.2
Elementor Website Builder 3.5.3
Elementor Website Builder 3.5.4
Elementor Website Builder 3.5.5
Elementor Website Builder 3.5.6
Elementor Website Builder 3.6.0
Elementor Website Builder 3.6.0-beta1
Elementor Website Builder 3.6.0-beta2
Elementor Website Builder 3.6.0-beta3
Elementor Website Builder 3.6.0-beta4
Elementor Website Builder 3.6.0-beta5
Elementor Website Builder 3.6.0-dev1
Elementor Website Builder 3.6.0-dev2
Elementor Website Builder 3.6.0-dev3
Elementor Website Builder 3.6.0-dev4
Elementor Website Builder 3.6.0-dev5
Elementor Website Builder 3.6.0-dev6
Elementor Website Builder 3.6.0-dev7
Elementor Website Builder 3.6.0-dev8
Elementor Website Builder 3.6.0-dev9
Elementor Website Builder 3.6.0-dev10
Elementor Website Builder 3.6.0-dev11
Elementor Website Builder 3.6.0-dev13
Elementor Website Builder 3.6.0-dev14
Elementor Website Builder 3.6.0-dev16
Elementor Website Builder 3.6.0-dev17
Elementor Website Builder 3.6.0-dev18
Elementor Website Builder 3.6.0-dev19
Elementor Website Builder 3.6.0-dev20
Elementor Website Builder 3.6.0-dev21
Elementor Website Builder 3.6.0-dev22
Elementor Website Builder 3.6.0-dev24
Elementor Website Builder 3.6.0-dev25
Elementor Website Builder 3.6.0-dev26
Elementor Website Builder 3.6.0-dev27
Elementor Website Builder 3.6.0-dev28
Elementor Website Builder 3.6.0-dev29
Elementor Website Builder 3.6.0-dev30
Elementor Website Builder 3.6.0-dev31
Elementor Website Builder 3.6.0-dev32
Elementor Website Builder 3.6.0-dev33
Elementor Website Builder 3.6.0-dev34
Elementor Website Builder 3.6.0-dev35
Elementor Website Builder 3.6.0-dev36
Elementor Website Builder 3.6.0-dev37
Elementor Website Builder 3.6.0-dev38
Elementor Website Builder 3.6.0-dev39
Elementor Website Builder 3.6.0-dev40
Elementor Website Builder 3.6.0-dev41
Elementor Website Builder 3.6.0-dev42
Elementor Website Builder 3.6.0-dev43
Elementor Website Builder 3.6.0-dev44
Elementor Website Builder 3.6.0-dev45
Elementor Website Builder 3.6.1
Elementor Website Builder 3.6.2
Elementor Website Builder 3.6.3
Elementor Website Builder 3.6.4
Elementor Website Builder 3.6.5
Elementor Website Builder 3.6.6
Elementor Website Builder 3.6.7
Elementor Website Builder 3.6.8
Elementor Website Builder 3.7.0
Elementor Website Builder 3.7.0-beta1
Elementor Website Builder 3.7.0-beta2
Elementor Website Builder 3.7.0-beta3
Elementor Website Builder 3.7.0-beta4
Elementor Website Builder 3.7.0-dev1
Elementor Website Builder 3.7.0-dev2
Elementor Website Builder 3.7.0-dev3
Elementor Website Builder 3.7.0-dev4
Elementor Website Builder 3.7.0-dev5
Elementor Website Builder 3.7.0-dev6
Elementor Website Builder 3.7.0-dev7
Elementor Website Builder 3.7.0-dev8
Elementor Website Builder 3.7.0-dev9
Elementor Website Builder 3.7.0-dev10
Elementor Website Builder 3.7.1
Elementor Website Builder 3.7.2
Elementor Website Builder 3.7.3
Elementor Website Builder 3.7.4
Elementor Website Builder 3.7.5
Elementor Website Builder 3.7.6
Elementor Website Builder 3.7.7
Elementor Website Builder 3.7.8
Elementor Website Builder 3.8.0
Elementor Website Builder 3.8.0-beta1
Elementor Website Builder 3.8.0-beta2
Elementor Website Builder 3.8.0-beta3
Elementor Website Builder 3.8.0-beta4
Elementor Website Builder 3.8.0-beta5
Elementor Website Builder 3.8.0-beta6
Elementor Website Builder 3.8.0-dev1
Elementor Website Builder 3.8.0-dev2
Elementor Website Builder 3.8.0-dev3
Elementor Website Builder 3.8.0-dev4
Elementor Website Builder 3.8.1
Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev1
Elementor Website Builder 3.9.0-dev2
Elementor Website Builder 3.9.0-dev3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6

Authenticated (contributor+) stored cross-site scripting via custom page-level css

Skrevet den 9. december 2025 af i Spectra – WordPress Gutenberg Blocks

Due to insufficient input sanitization and output escaping, it makes possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Spectra – WordPress Gutenberg Blocks 2.1.0
Spectra – WordPress Gutenberg Blocks 2.1.1
Spectra – WordPress Gutenberg Blocks 2.2.0
Spectra – WordPress Gutenberg Blocks 2.3.0
Spectra – WordPress Gutenberg Blocks 2.3.1
Spectra – WordPress Gutenberg Blocks 2.3.2
Spectra – WordPress Gutenberg Blocks 2.3.3
Spectra – WordPress Gutenberg Blocks 2.3.4
Spectra – WordPress Gutenberg Blocks 2.3.5
Spectra – WordPress Gutenberg Blocks 2.4.0
Spectra – WordPress Gutenberg Blocks 2.4.1
Spectra – WordPress Gutenberg Blocks 2.4.2
Spectra – WordPress Gutenberg Blocks 2.5.0
Spectra – WordPress Gutenberg Blocks 2.5.1
Spectra – WordPress Gutenberg Blocks 2.6.0
Spectra – WordPress Gutenberg Blocks 2.6.1
Spectra – WordPress Gutenberg Blocks 2.6.2
Spectra – WordPress Gutenberg Blocks 2.6.3
Spectra – WordPress Gutenberg Blocks 2.6.4
Spectra – WordPress Gutenberg Blocks 2.6.5
Spectra – WordPress Gutenberg Blocks 2.6.6
Spectra – WordPress Gutenberg Blocks 2.6.7
Spectra – WordPress Gutenberg Blocks 2.6.8
Spectra – WordPress Gutenberg Blocks 2.6.9
Spectra – WordPress Gutenberg Blocks 2.7.0
Spectra – WordPress Gutenberg Blocks 2.7.1
Spectra – WordPress Gutenberg Blocks 2.7.2
Spectra – WordPress Gutenberg Blocks 2.7.3
Spectra – WordPress Gutenberg Blocks 2.7.4
Spectra – WordPress Gutenberg Blocks 2.7.5
Spectra – WordPress Gutenberg Blocks 2.7.6
Spectra – WordPress Gutenberg Blocks 2.7.7
Spectra – WordPress Gutenberg Blocks 2.7.8
Spectra – WordPress Gutenberg Blocks 2.7.9
Spectra – WordPress Gutenberg Blocks 2.7.10
Spectra – WordPress Gutenberg Blocks 2.7.11
Spectra – WordPress Gutenberg Blocks 2.8.0
Spectra – WordPress Gutenberg Blocks 2.9.0
Spectra – WordPress Gutenberg Blocks 2.9.1
Spectra – WordPress Gutenberg Blocks 2.10.0
Spectra – WordPress Gutenberg Blocks 2.10.1
Spectra – WordPress Gutenberg Blocks 2.10.2
Spectra – WordPress Gutenberg Blocks 2.10.3
Spectra – WordPress Gutenberg Blocks 2.10.4
Spectra – WordPress Gutenberg Blocks 2.10.5
Spectra – WordPress Gutenberg Blocks 2.11.0
Spectra – WordPress Gutenberg Blocks 2.11.1
Spectra – WordPress Gutenberg Blocks 2.11.2
Spectra – WordPress Gutenberg Blocks 2.11.3
Spectra – WordPress Gutenberg Blocks 2.11.4
Spectra – WordPress Gutenberg Blocks 2.12.0
Spectra – WordPress Gutenberg Blocks 2.12.1
Spectra – WordPress Gutenberg Blocks 2.12.2
Spectra – WordPress Gutenberg Blocks 2.12.3
Spectra – WordPress Gutenberg Blocks 2.12.4
Spectra – WordPress Gutenberg Blocks 2.12.5
Spectra – WordPress Gutenberg Blocks 2.12.6
Spectra – WordPress Gutenberg Blocks 2.12.7
Spectra – WordPress Gutenberg Blocks 2.12.8
Spectra – WordPress Gutenberg Blocks 2.12.9
Spectra – WordPress Gutenberg Blocks 2.13.0
Spectra – WordPress Gutenberg Blocks 2.13.1
Spectra – WordPress Gutenberg Blocks 2.13.2
Spectra – WordPress Gutenberg Blocks 2.13.3
Spectra – WordPress Gutenberg Blocks 2.13.4
Spectra – WordPress Gutenberg Blocks 2.13.5
Spectra – WordPress Gutenberg Blocks 2.13.6
Spectra – WordPress Gutenberg Blocks 2.13.7
Spectra – WordPress Gutenberg Blocks 2.13.8
Spectra – WordPress Gutenberg Blocks 2.13.9
Spectra – WordPress Gutenberg Blocks 2.14.0
Spectra – WordPress Gutenberg Blocks 2.14.1
Spectra – WordPress Gutenberg Blocks 2.15.0
Spectra – WordPress Gutenberg Blocks 2.15.1
Spectra – WordPress Gutenberg Blocks 2.15.2
Spectra – WordPress Gutenberg Blocks 2.15.3
Spectra – WordPress Gutenberg Blocks 2.16.0
Spectra – WordPress Gutenberg Blocks 2.16.1
Spectra – WordPress Gutenberg Blocks 2.16.2
Spectra – WordPress Gutenberg Blocks 2.16.3
Spectra – WordPress Gutenberg Blocks 2.16.4
Spectra – WordPress Gutenberg Blocks 2.16.5
Spectra – WordPress Gutenberg Blocks 2.17.0
Spectra – WordPress Gutenberg Blocks 2.18.0
Spectra – WordPress Gutenberg Blocks 2.18.1
Spectra – WordPress Gutenberg Blocks 2.18.2
Spectra – WordPress Gutenberg Blocks 2.18.3
Spectra – WordPress Gutenberg Blocks 2.19.0
Spectra – WordPress Gutenberg Blocks 2.19.1
Spectra – WordPress Gutenberg Blocks 2.19.2
Spectra – WordPress Gutenberg Blocks 2.19.3
Spectra – WordPress Gutenberg Blocks 2.19.4
Spectra – WordPress Gutenberg Blocks 2.19.5
Spectra – WordPress Gutenberg Blocks 2.19.6
Spectra – WordPress Gutenberg Blocks 2.19.7
Spectra – WordPress Gutenberg Blocks 2.19.8
Spectra – WordPress Gutenberg Blocks 2.19.9
Spectra – WordPress Gutenberg Blocks 2.19.10
Spectra – WordPress Gutenberg Blocks 2.19.11
Spectra – WordPress Gutenberg Blocks 2.19.11-beta.1
Spectra – WordPress Gutenberg Blocks 2.19.12
Spectra – WordPress Gutenberg Blocks 2.19.13
Spectra – WordPress Gutenberg Blocks 2.19.14

XSS in new admin form template

Skrevet den 9. december 20258. januar 2026 af i Ninja Forms – The Contact Form Builder

A vulnerability in Ninja Forms allowed unescaped form field values to be displayed in the WordPress admin. This created a risk of stored Cross-Site Scripting (XSS), where a malicious actor could inject harmful JavaScript into form data.

This vulnerability affects the following application versions:

Ninja Forms – The Contact Form Builder 3.8.6
Ninja Forms – The Contact Form Builder 3.8.7
Ninja Forms – The Contact Form Builder 3.8.8
Ninja Forms – The Contact Form Builder 3.8.9
Ninja Forms – The Contact Form Builder 3.8.10
Ninja Forms – The Contact Form Builder 3.8.11
Ninja Forms – The Contact Form Builder 3.8.12
Ninja Forms – The Contact Form Builder 3.8.13
Ninja Forms – The Contact Form Builder 3.8.14
Ninja Forms – The Contact Form Builder 3.8.15
Ninja Forms – The Contact Form Builder 3.8.16
Ninja Forms – The Contact Form Builder 3.8.17
Ninja Forms – The Contact Form Builder 3.8.18
Ninja Forms – The Contact Form Builder 3.8.19
Ninja Forms – The Contact Form Builder 3.8.20
Ninja Forms – The Contact Form Builder 3.8.21
Ninja Forms – The Contact Form Builder 3.8.22
Ninja Forms – The Contact Form Builder 3.8.23
Ninja Forms – The Contact Form Builder 3.8.24
Ninja Forms – The Contact Form Builder 3.8.25
Ninja Forms – The Contact Form Builder 3.8.25.1
Ninja Forms – The Contact Form Builder 3.9.0
Ninja Forms – The Contact Form Builder 3.9.1
Ninja Forms – The Contact Form Builder 3.9.2
Ninja Forms – The Contact Form Builder 3.9.2.1
Ninja Forms – The Contact Form Builder 3.10.0

Cross-site request forgery to notice dismissal

Skrevet den 25. november 2025 af i Website Builder by SeedProd

The Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.20. This is due to missing or incorrect nonce validation on the seedprod_lite_redirect_to_site() function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

This vulnerability affects the following application versions:

Website Builder by SeedProd 6.13.0
Website Builder by SeedProd 6.13.1
Website Builder by SeedProd 6.15.3
Website Builder by SeedProd 6.15.4
Website Builder by SeedProd 6.15.6
Website Builder by SeedProd 6.15.7
Website Builder by SeedProd 6.15.13.1
Website Builder by SeedProd 6.15.15.3
Website Builder by SeedProd 6.15.19
Website Builder by SeedProd 6.15.20

Hardening Output Escaping in Widget Builder

Skrevet den 25. november 2025 af i ElementsKit Elementor Addons and Templates

Improved the output escaping in widget-writer so that widget settings are properly sanitized before being rendered on the page. This prevents potential cross-site scripting (XSS) issues from malicious or unexpected widget content and makes custom widgets safer for site visitors.

This vulnerability affects the following application versions:

ElementsKit Elementor Addons and Templates 1.5.7
ElementsKit Elementor Addons and Templates 1.5.8
ElementsKit Elementor Addons and Templates 1.5.9
ElementsKit Elementor Addons and Templates 1.5.10
ElementsKit Elementor Addons and Templates 1.5.11
ElementsKit Elementor Addons and Templates 1.5.12
ElementsKit Elementor Addons and Templates 2.0.0
ElementsKit Elementor Addons and Templates 2.0.1
ElementsKit Elementor Addons and Templates 2.0.2
ElementsKit Elementor Addons and Templates 2.0.3
ElementsKit Elementor Addons and Templates 2.0.4
ElementsKit Elementor Addons and Templates 2.0.5
ElementsKit Elementor Addons and Templates 2.0.6
ElementsKit Elementor Addons and Templates 2.0.7
ElementsKit Elementor Addons and Templates 2.0.8
ElementsKit Elementor Addons and Templates 2.0.9
ElementsKit Elementor Addons and Templates 2.0.9.1
ElementsKit Elementor Addons and Templates 2.0.9.2
ElementsKit Elementor Addons and Templates 2.0.9.3
ElementsKit Elementor Addons and Templates 2.0.10
ElementsKit Elementor Addons and Templates 2.0.11
ElementsKit Elementor Addons and Templates 2.0.12
ElementsKit Elementor Addons and Templates 2.0.13
ElementsKit Elementor Addons and Templates 2.1.0
ElementsKit Elementor Addons and Templates 2.1.1
ElementsKit Elementor Addons and Templates 2.1.2
ElementsKit Elementor Addons and Templates 2.1.3
ElementsKit Elementor Addons and Templates 2.1.4
ElementsKit Elementor Addons and Templates 2.1.5
ElementsKit Elementor Addons and Templates 2.1.6
ElementsKit Elementor Addons and Templates 2.1.7
ElementsKit Elementor Addons and Templates 2.2.0
ElementsKit Elementor Addons and Templates 2.2.1
ElementsKit Elementor Addons and Templates 2.2.2
ElementsKit Elementor Addons and Templates 2.2.3
ElementsKit Elementor Addons and Templates 2.2.4
ElementsKit Elementor Addons and Templates 2.3.0
ElementsKit Elementor Addons and Templates 2.3.1
ElementsKit Elementor Addons and Templates 2.3.1.1
ElementsKit Elementor Addons and Templates 2.3.2
ElementsKit Elementor Addons and Templates 2.3.3
ElementsKit Elementor Addons and Templates 2.3.4
ElementsKit Elementor Addons and Templates 2.3.5
ElementsKit Elementor Addons and Templates 2.3.6
ElementsKit Elementor Addons and Templates 2.3.7
ElementsKit Elementor Addons and Templates 2.4.0
ElementsKit Elementor Addons and Templates 2.5.0
ElementsKit Elementor Addons and Templates 2.5.1
ElementsKit Elementor Addons and Templates 2.5.2
ElementsKit Elementor Addons and Templates 2.5.3
ElementsKit Elementor Addons and Templates 2.5.4
ElementsKit Elementor Addons and Templates 2.5.5
ElementsKit Elementor Addons and Templates 2.5.6
ElementsKit Elementor Addons and Templates 2.5.7
ElementsKit Elementor Addons and Templates 2.5.8
ElementsKit Elementor Addons and Templates 2.5.9
ElementsKit Elementor Addons and Templates 2.5.10
ElementsKit Elementor Addons and Templates 2.6.0
ElementsKit Elementor Addons and Templates 2.6.1
ElementsKit Elementor Addons and Templates 2.6.2
ElementsKit Elementor Addons and Templates 2.6.3
ElementsKit Elementor Addons and Templates 2.7.0
ElementsKit Elementor Addons and Templates 2.7.2
ElementsKit Elementor Addons and Templates 2.7.3
ElementsKit Elementor Addons and Templates 2.7.4
ElementsKit Elementor Addons and Templates 2.7.5
ElementsKit Elementor Addons and Templates 2.8.0
ElementsKit Elementor Addons and Templates 2.8.1
ElementsKit Elementor Addons and Templates 2.8.5
ElementsKit Elementor Addons and Templates 2.8.6
ElementsKit Elementor Addons and Templates 2.8.7
ElementsKit Elementor Addons and Templates 2.8.8
ElementsKit Elementor Addons and Templates 2.9.0
ElementsKit Elementor Addons and Templates 2.9.1
ElementsKit Elementor Addons and Templates 2.9.2
ElementsKit Elementor Addons and Templates 3.0.0
ElementsKit Elementor Addons and Templates 3.0.1
ElementsKit Elementor Addons and Templates 3.0.2
ElementsKit Elementor Addons and Templates 3.0.3
ElementsKit Elementor Addons and Templates 3.0.4
ElementsKit Elementor Addons and Templates 3.0.5
ElementsKit Elementor Addons and Templates 3.0.6
ElementsKit Elementor Addons and Templates 3.0.7
ElementsKit Elementor Addons and Templates 3.1.0
ElementsKit Elementor Addons and Templates 3.1.1
ElementsKit Elementor Addons and Templates 3.1.2
ElementsKit Elementor Addons and Templates 3.1.3
ElementsKit Elementor Addons and Templates 3.1.4
ElementsKit Elementor Addons and Templates 3.2.0
ElementsKit Elementor Addons and Templates 3.2.1
ElementsKit Elementor Addons and Templates 3.2.2
ElementsKit Elementor Addons and Templates 3.2.3
ElementsKit Elementor Addons and Templates 3.2.4
ElementsKit Elementor Addons and Templates 3.2.5
ElementsKit Elementor Addons and Templates 3.2.6
ElementsKit Elementor Addons and Templates 3.2.7
ElementsKit Elementor Addons and Templates 3.2.8
ElementsKit Elementor Addons and Templates 3.2.9
ElementsKit Elementor Addons and Templates 3.3.0
ElementsKit Elementor Addons and Templates 3.3.1
ElementsKit Elementor Addons and Templates 3.3.2
ElementsKit Elementor Addons and Templates 3.3.3
ElementsKit Elementor Addons and Templates 3.3.4
ElementsKit Elementor Addons and Templates 3.3.5
ElementsKit Elementor Addons and Templates 3.3.6
ElementsKit Elementor Addons and Templates 3.3.7
ElementsKit Elementor Addons and Templates 3.3.8
ElementsKit Elementor Addons and Templates 3.3.9
ElementsKit Elementor Addons and Templates 3.4.0
ElementsKit Elementor Addons and Templates 3.4.1
ElementsKit Elementor Addons and Templates 3.4.2
ElementsKit Elementor Addons and Templates 3.4.3
ElementsKit Elementor Addons and Templates 3.4.4
ElementsKit Elementor Addons and Templates 3.4.5
ElementsKit Elementor Addons and Templates 3.4.6
ElementsKit Elementor Addons and Templates 3.4.7
ElementsKit Elementor Addons and Templates 3.4.8
ElementsKit Elementor Addons and Templates 3.4.9
ElementsKit Elementor Addons and Templates 3.5.0
ElementsKit Elementor Addons and Templates 3.5.1
ElementsKit Elementor Addons and Templates 3.5.2

Cross-site scripting via improper output escaping in multiple classes

Skrevet den 25. november 2025 af i WPForms

In various parts of the code, values were being rendered directly into html attributes, url-s, and other contexts without the required wordpress escaping functions. This included form identifiers being output into html attributes, admin urls being constructed without url sanitization, and potentially other similar cases where user-influenced or database-derived data was being displayed.

This vulnerability affects the following application versions:

WPForms 1.1.4
WPForms 1.1.4.2
WPForms 1.1.5
WPForms 1.1.5.1
WPForms 1.1.6
WPForms 1.1.6.1
WPForms 1.1.7
WPForms 1.1.7.1
WPForms 1.1.7.2
WPForms 1.1.8
WPForms 1.1.8.1
WPForms 1.1.8.2
WPForms 1.1.8.3
WPForms 1.1.8.4
WPForms 1.2.0
WPForms 1.2.0.1
WPForms 1.2.1
WPForms 1.2.2
WPForms 1.2.2.1
WPForms 1.2.2.2
WPForms 1.2.3
WPForms 1.2.3.1
WPForms 1.2.3.2
WPForms 1.2.4
WPForms 1.2.4.1
WPForms 1.2.5
WPForms 1.2.5.1
WPForms 1.2.6
WPForms 1.2.7
WPForms 1.2.8
WPForms 1.2.8.1
WPForms 1.2.9
WPForms 1.3.0
WPForms 1.3.1
WPForms 1.3.1.1
WPForms 1.3.1.2
WPForms 1.3.2
WPForms 1.3.3
WPForms 1.3.5
WPForms 1.3.6
WPForms 1.3.6.1
WPForms 1.3.6.2
WPForms 1.3.7.2
WPForms 1.3.7.3
WPForms 1.3.7.4
WPForms 1.3.8
WPForms 1.3.9.1
WPForms 1.4.0.1
WPForms 1.4.1.1
WPForms 1.4.2
WPForms 1.4.2.1
WPForms 1.4.2.2
WPForms 1.4.3
WPForms 1.4.4
WPForms 1.4.4.1
WPForms 1.4.5
WPForms 1.4.5.1
WPForms 1.4.5.2
WPForms 1.4.5.3
WPForms 1.4.6
WPForms 1.4.7.1
WPForms 1.4.7.2
WPForms 1.4.8.1
WPForms 1.4.9
WPForms 1.5.0.1
WPForms 1.5.0.3
WPForms 1.5.0.4
WPForms 1.5.1
WPForms 1.5.1.1
WPForms 1.5.1.3
WPForms 1.5.2.1
WPForms 1.5.2.2
WPForms 1.5.2.3
WPForms 1.5.3
WPForms 1.5.3.1
WPForms 1.5.4.1
WPForms 1.5.4.2
WPForms 1.5.5
WPForms 1.5.5.1
WPForms 1.5.6
WPForms 1.5.6.2
WPForms 1.5.7
WPForms 1.5.8.2
WPForms 1.5.9.1
WPForms 1.5.9.4
WPForms 1.5.9.5
WPForms 1.6.0.1
WPForms 1.6.0.2
WPForms 1.6.1
WPForms 1.6.2.2
WPForms 1.6.2.3
WPForms 1.6.3.1
WPForms 1.6.4
WPForms 1.6.4.1
WPForms 1.6.5
WPForms 1.6.6
WPForms 1.6.7
WPForms 1.6.7.1
WPForms 1.6.7.2
WPForms 1.6.7.3
WPForms 1.6.8
WPForms 1.6.8.1
WPForms 1.6.9
WPForms 1.7.0
WPForms 1.7.1.1
WPForms 1.7.1.2
WPForms 1.7.2
WPForms 1.7.2.1
WPForms 1.7.3
WPForms 1.7.4
WPForms 1.7.4.1
WPForms 1.7.4.2
WPForms 1.7.5.1
WPForms 1.7.5.2
WPForms 1.7.5.3
WPForms 1.7.5.5
WPForms 1.7.6
WPForms 1.7.7
WPForms 1.7.7.1
WPForms 1.7.7.2
WPForms 1.7.8
WPForms 1.7.9
WPForms 1.7.9.1
WPForms 1.8.0.1
WPForms 1.8.0.2
WPForms 1.8.1.1
WPForms 1.8.1.2
WPForms 1.8.1.3
WPForms 1.8.2.1
WPForms 1.8.2.2
WPForms 1.8.2.3
WPForms 1.8.3
WPForms 1.8.3.1
WPForms 1.8.4
WPForms 1.8.4.1
WPForms 1.8.5.2
WPForms 1.8.5.3
WPForms 1.8.5.4
WPForms 1.8.6.2
WPForms 1.8.6.3
WPForms 1.8.6.4
WPForms 1.8.7.2
WPForms 1.8.8.2
WPForms 1.8.8.3
WPForms 1.8.9.1
WPForms 1.8.9.2
WPForms 1.8.9.4
WPForms 1.8.9.5
WPForms 1.8.9.6
WPForms 1.9.0.1
WPForms 1.9.0.2
WPForms 1.9.0.3
WPForms 1.9.0.4

Incorrect permissions in UI Data Provider Component

Skrevet den 25. november 2025 af i Magento

An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity.

This vulnerability affects the following application versions:

Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.4-p12
Magento 2.4.4-p13
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.5-p11
Magento 2.4.5-p12
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.6-p9
Magento 2.4.6-p10
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.7-p4
Magento 2.4.7-p5
Magento 2.4.8
Magento 2.4.8-beta1
Magento 2.4.8-beta2

Unvalidated html attribute names and values enable XSS injection

Skrevet den 24. november 2025 af i Popup Builder by Forward Looking

The createAttrs() method constructs html attributes by directly concatenating user-controlled attribute names and values into the output string without any validation or sanitization. This allows attackers to inject specially crafted attribute names containing quotes or special characters to break out of the attribute context, or to inject malicious attribute values containing JavaScript event handlers

This vulnerability affects the following application versions:

Popup Builder by Forward Looking 3.0.2
Popup Builder by Forward Looking 3.0.3
Popup Builder by Forward Looking 3.0.4
Popup Builder by Forward Looking 3.0.5
Popup Builder by Forward Looking 3.0.6
Popup Builder by Forward Looking 3.0.7
Popup Builder by Forward Looking 3.0.8
Popup Builder by Forward Looking 3.0.9
Popup Builder by Forward Looking 3.0.9.1
Popup Builder by Forward Looking 3.1
Popup Builder by Forward Looking 3.1.1
Popup Builder by Forward Looking 3.1.2
Popup Builder by Forward Looking 3.1.3
Popup Builder by Forward Looking 3.1.4
Popup Builder by Forward Looking 3.1.4.1
Popup Builder by Forward Looking 3.1.5
Popup Builder by Forward Looking 3.1.5.1
Popup Builder by Forward Looking 3.1.5.2
Popup Builder by Forward Looking 3.1.6
Popup Builder by Forward Looking 3.1.6.1
Popup Builder by Forward Looking 3.1.7
Popup Builder by Forward Looking 3.1.7.1
Popup Builder by Forward Looking 3.1.8
Popup Builder by Forward Looking 3.1.9
Popup Builder by Forward Looking 3.2
Popup Builder by Forward Looking 3.3
Popup Builder by Forward Looking 3.4
Popup Builder by Forward Looking 3.7
Popup Builder by Forward Looking 3.7.1
Popup Builder by Forward Looking 3.41
Popup Builder by Forward Looking 3.42
Popup Builder by Forward Looking 3.43
Popup Builder by Forward Looking 3.44
Popup Builder by Forward Looking 3.45
Popup Builder by Forward Looking 3.46
Popup Builder by Forward Looking 3.47
Popup Builder by Forward Looking 3.48
Popup Builder by Forward Looking 3.49
Popup Builder by Forward Looking 3.50
Popup Builder by Forward Looking 3.51
Popup Builder by Forward Looking 3.52
Popup Builder by Forward Looking 3.53
Popup Builder by Forward Looking 3.54
Popup Builder by Forward Looking 3.55
Popup Builder by Forward Looking 3.56
Popup Builder by Forward Looking 3.57
Popup Builder by Forward Looking 3.58
Popup Builder by Forward Looking 3.59
Popup Builder by Forward Looking 3.60
Popup Builder by Forward Looking 3.61
Popup Builder by Forward Looking 3.61.1
Popup Builder by Forward Looking 3.62
Popup Builder by Forward Looking 3.62.1
Popup Builder by Forward Looking 3.63
Popup Builder by Forward Looking 3.64
Popup Builder by Forward Looking 3.64.1
Popup Builder by Forward Looking 3.65
Popup Builder by Forward Looking 3.65.1
Popup Builder by Forward Looking 3.65.2
Popup Builder by Forward Looking 3.66
Popup Builder by Forward Looking 3.67
Popup Builder by Forward Looking 3.68.1
Popup Builder by Forward Looking 3.68.2
Popup Builder by Forward Looking 3.68.3
Popup Builder by Forward Looking 3.68.4
Popup Builder by Forward Looking 3.68.5
Popup Builder by Forward Looking 3.68.5.1
Popup Builder by Forward Looking 3.68.5.2
Popup Builder by Forward Looking 3.69
Popup Builder by Forward Looking 3.69.1
Popup Builder by Forward Looking 3.69.2
Popup Builder by Forward Looking 3.69.3
Popup Builder by Forward Looking 3.69.4
Popup Builder by Forward Looking 3.69.5
Popup Builder by Forward Looking 3.69.6
Popup Builder by Forward Looking 3.71
Popup Builder by Forward Looking 3.72
Popup Builder by Forward Looking 3.73
Popup Builder by Forward Looking 3.74
Popup Builder by Forward Looking 3.75
Popup Builder by Forward Looking 3.76
Popup Builder by Forward Looking 3.77
Popup Builder by Forward Looking 3.78
Popup Builder by Forward Looking 3.79
Popup Builder by Forward Looking 3.81
Popup Builder by Forward Looking 3.82
Popup Builder by Forward Looking 3.83
Popup Builder by Forward Looking 3.84
Popup Builder by Forward Looking 4.0
Popup Builder by Forward Looking 4.0.1
Popup Builder by Forward Looking 4.0.2
Popup Builder by Forward Looking 4.0.3
Popup Builder by Forward Looking 4.0.4
Popup Builder by Forward Looking 4.0.5
Popup Builder by Forward Looking 4.0.6
Popup Builder by Forward Looking 4.0.7
Popup Builder by Forward Looking 4.0.8
Popup Builder by Forward Looking 4.0.9
Popup Builder by Forward Looking 4.1.0
Popup Builder by Forward Looking 4.1.1
Popup Builder by Forward Looking 4.1.2
Popup Builder by Forward Looking 4.1.3
Popup Builder by Forward Looking 4.1.4
Popup Builder by Forward Looking 4.1.5
Popup Builder by Forward Looking 4.1.6
Popup Builder by Forward Looking 4.1.7
Popup Builder by Forward Looking 4.1.8
Popup Builder by Forward Looking 4.1.9
Popup Builder by Forward Looking 4.1.10
Popup Builder by Forward Looking 4.1.11
Popup Builder by Forward Looking 4.1.12
Popup Builder by Forward Looking 4.1.13
Popup Builder by Forward Looking 4.1.14
Popup Builder by Forward Looking 4.1.15
Popup Builder by Forward Looking 4.2.0
Popup Builder by Forward Looking 4.2.2
Popup Builder by Forward Looking 4.2.3
Popup Builder by Forward Looking 4.2.4
Popup Builder by Forward Looking 4.2.5
Popup Builder by Forward Looking 4.2.6
Popup Builder by Forward Looking 4.2.7
Popup Builder by Forward Looking 4.3.0
Popup Builder by Forward Looking 4.3.2
Popup Builder by Forward Looking 4.3.3
Popup Builder by Forward Looking 4.3.4
Popup Builder by Forward Looking 4.3.5
Popup Builder by Forward Looking 4.3.6
Popup Builder by Forward Looking 4.3.7
Popup Builder by Forward Looking 4.3.8
Popup Builder by Forward Looking 4.3.9
Popup Builder by Forward Looking 4.4.0
Popup Builder by Forward Looking 4.4.1

Reflected self-based cross-site scripting via request referrer

Skrevet den 24. november 20258. januar 2026 af i Ninja Forms – The Contact Form Builder

Vulnerability to reflected self-based cross-site scripting via the referer header due to insufficient input sanitization and output escaping; an attacker could inject scripts that execute if a user is tricked into acting (for example, clicking a link). exploitation requires a temporary maintenance mode that cannot be enabled by attackers or administrators and is only active during a brief update window, which greatly limits practical impact, and the self-based nature of the issue means attackers must chain additional techniques to run a payload in the targeted user’s context.

This vulnerability affects the following application versions:

Ninja Forms – The Contact Form Builder 3.4.34.2
Ninja Forms – The Contact Form Builder 3.4.34.3
Ninja Forms – The Contact Form Builder 3.5.8.4
Ninja Forms – The Contact Form Builder 3.5.8.5
Ninja Forms – The Contact Form Builder 3.6.34
Ninja Forms – The Contact Form Builder 3.6.34.1
Ninja Forms – The Contact Form Builder 3.7.3
Ninja Forms – The Contact Form Builder 3.7.3.1
Ninja Forms – The Contact Form Builder 3.8.0
Ninja Forms – The Contact Form Builder 3.8.1
Ninja Forms – The Contact Form Builder 3.8.2
Ninja Forms – The Contact Form Builder 3.8.3
Ninja Forms – The Contact Form Builder 3.8.4
Ninja Forms – The Contact Form Builder 3.8.5
Ninja Forms – The Contact Form Builder 3.8.6
Ninja Forms – The Contact Form Builder 3.8.7
Ninja Forms – The Contact Form Builder 3.8.8
Ninja Forms – The Contact Form Builder 3.8.9
Ninja Forms – The Contact Form Builder 3.8.10
Ninja Forms – The Contact Form Builder 3.8.11
Ninja Forms – The Contact Form Builder 3.8.12
Ninja Forms – The Contact Form Builder 3.8.13
Ninja Forms – The Contact Form Builder 3.8.14
Ninja Forms – The Contact Form Builder 3.8.15

Improper output sanitization in checkbox field required label display

Skrevet den 24. november 2025 af i WPForms

The field_display() method fails to properly sanitize the required field label before outputting it to the browser. The $required variable, populated by wpforms_get_field_required_label() is directly concatenated into the label output without sanitization creating a potential cross-site scripting vulnerability.

This vulnerability affects the following application versions:

WPForms 1.4.6
WPForms 1.4.7.1
WPForms 1.4.7.2
WPForms 1.4.8.1
WPForms 1.4.9
WPForms 1.5.0.1
WPForms 1.5.0.3
WPForms 1.5.0.4
WPForms 1.5.1
WPForms 1.5.1.1
WPForms 1.5.1.3
WPForms 1.5.2.1
WPForms 1.5.2.2
WPForms 1.5.2.3
WPForms 1.5.3
WPForms 1.5.3.1
WPForms 1.5.4.1
WPForms 1.5.4.2
WPForms 1.5.5
WPForms 1.5.5.1
WPForms 1.5.6
WPForms 1.5.6.2
WPForms 1.5.7
WPForms 1.5.8.2
WPForms 1.5.9.1
WPForms 1.5.9.4
WPForms 1.5.9.5
WPForms 1.6.0.1
WPForms 1.6.0.2
WPForms 1.6.1
WPForms 1.6.2.2
WPForms 1.6.2.3
WPForms 1.6.3.1
WPForms 1.6.4
WPForms 1.6.4.1
WPForms 1.6.5
WPForms 1.6.6
WPForms 1.6.7
WPForms 1.6.7.1
WPForms 1.6.7.2
WPForms 1.6.7.3
WPForms 1.6.8
WPForms 1.6.8.1
WPForms 1.6.9
WPForms 1.7.0
WPForms 1.7.1.1
WPForms 1.7.1.2
WPForms 1.7.2
WPForms 1.7.2.1
WPForms 1.7.3
WPForms 1.7.4
WPForms 1.7.4.1
WPForms 1.7.4.2
WPForms 1.7.5.1
WPForms 1.7.5.2
WPForms 1.7.5.3
WPForms 1.7.5.5
WPForms 1.7.6
WPForms 1.7.7
WPForms 1.7.7.1
WPForms 1.7.7.2
WPForms 1.7.8
WPForms 1.7.9
WPForms 1.7.9.1
WPForms 1.8.0.1
WPForms 1.8.0.2
WPForms 1.8.1.1
WPForms 1.8.1.2
WPForms 1.8.1.3
WPForms 1.8.2.1
WPForms 1.8.2.2
WPForms 1.8.2.3
WPForms 1.8.3
WPForms 1.8.3.1
WPForms 1.8.4
WPForms 1.8.4.1
WPForms 1.8.5.2
WPForms 1.8.5.3
WPForms 1.8.5.4
WPForms 1.8.6.2
WPForms 1.8.6.3
WPForms 1.8.6.4
WPForms 1.8.7.2
WPForms 1.8.8.2
WPForms 1.8.8.3
WPForms 1.8.9.1
WPForms 1.8.9.2
WPForms 1.8.9.4
WPForms 1.8.9.5
WPForms 1.8.9.6
WPForms 1.9.0.1
WPForms 1.9.0.2
WPForms 1.9.0.3
WPForms 1.9.0.4
WPForms 1.9.1.1
WPForms 1.9.1.2

Product view enhancement

Skrevet den 24. november 2025 af i Magento

Product view enhancement

This vulnerability affects the following application versions:

Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.4-p12
Magento 2.4.4-p13
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.5-p11
Magento 2.4.5-p12
Magento 2.4.5-p13
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.6-p9
Magento 2.4.6-p10
Magento 2.4.6-p11
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.7-p4
Magento 2.4.7-p5
Magento 2.4.7-p6
Magento 2.4.8
Magento 2.4.8-beta1
Magento 2.4.8-beta2
Magento 2.4.8-p1
Magento 2.4.9-alpha1

Unauthenticated Arbitrary File Upload

Skrevet den 19. november 2025 af i King Addons for Elementor

Due to missing capability/nonce checks and improper file-type validation in the file upload handler, a remote attacker can upload files with dangerous extensions (e.g. PHP) to the server, which can then be executed as a web shell, leading to remote code execution on the affected WordPress site.

This vulnerability affects the following application versions:

King Addons for Elementor 24.12.83
King Addons for Elementor 24.12.84
King Addons for Elementor 24.12.85
King Addons for Elementor 24.12.86
King Addons for Elementor 24.12.87
King Addons for Elementor 24.12.88
King Addons for Elementor 24.12.89
King Addons for Elementor 24.12.90
King Addons for Elementor 24.12.91
King Addons for Elementor 24.12.92
King Addons for Elementor 24.12.93
King Addons for Elementor 51.1.2
King Addons for Elementor 51.1.14
King Addons for Elementor 51.1.35
King Addons for Elementor 51.1.36

Unauthenticated privilege escalation

Skrevet den 19. november 2025 af i King Addons for Elementor

Unauthenticated attackers are able to perform privilege escalation to register as site administrators.

This vulnerability affects the following application versions:

King Addons for Elementor 24.12.92
King Addons for Elementor 24.12.93
King Addons for Elementor 51.1.2
King Addons for Elementor 51.1.14

Drupal core – Moderately critical – Defacement – SA-CORE-2025-007

Skrevet den 17. november 2025 af i Drupal

By generating and tricking a user into visiting a malicious URL, an attacker can perform site defacement.

The defacement is not stored and is only present when the URL has been crafted for that purpose. Only the defacement is present, so no other site content (such as branding) is rendered.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.3.13
Drupal 10.3.14
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 10.4.3
Drupal 10.4.4
Drupal 10.4.5
Drupal 10.4.6
Drupal 10.4.7
Drupal 10.4.8
Drupal 10.5.0
Drupal 10.5.1
Drupal 10.5.2
Drupal 10.5.3
Drupal 10.5.4
Drupal 10.5.5
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.0.12
Drupal 11.0.13
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2
Drupal 11.1.3
Drupal 11.1.4
Drupal 11.1.5
Drupal 11.1.6
Drupal 11.1.7
Drupal 11.1.8
Drupal 11.2.0
Drupal 11.2.1
Drupal 11.2.2
Drupal 11.2.3
Drupal 11.2.4
Drupal 11.2.5
Drupal 11.2.6
Drupal 11.2.7

Drupal Moderately critical – Denial of Service – SA-CORE-2025-005

Skrevet den 17. november 2025 af i Drupal

Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden.

This functionality can be abused in a way that may cause Drupal to cache response data that it should not. This can lead to legitimate requests receiving inappropriate cached responses (cache poisoning).

This vulnerability affects the following application versions:

Drupal 8.3.9
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.3.13
Drupal 10.3.14
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 10.4.3
Drupal 10.4.4
Drupal 10.4.5
Drupal 10.4.6
Drupal 10.4.7
Drupal 10.4.8
Drupal 10.5.0
Drupal 10.5.1
Drupal 10.5.2
Drupal 10.5.3
Drupal 10.5.4
Drupal 10.5.5
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.0.12
Drupal 11.0.13
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2
Drupal 11.1.3
Drupal 11.1.4
Drupal 11.1.5
Drupal 11.1.6
Drupal 11.1.7
Drupal 11.1.8
Drupal 11.2.0
Drupal 11.2.1
Drupal 11.2.2
Drupal 11.2.3
Drupal 11.2.4
Drupal 11.2.5
Drupal 11.2.6
Drupal 11.2.7

Drupal core – Moderately critical – Information disclosure – SA-CORE-2025-008

Skrevet den 17. november 2025 af i Drupal

The system module handles downloads of private and temporary files, but may serve them with a Cache-Control: public header when they should be uncacheable. This could allow sensitive files to be cached and disclosed to unauthorized users.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.3.13
Drupal 10.3.14
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 10.4.3
Drupal 10.4.4
Drupal 10.4.5
Drupal 10.4.6
Drupal 10.4.7
Drupal 10.4.8
Drupal 10.5.0
Drupal 10.5.1
Drupal 10.5.2
Drupal 10.5.3
Drupal 10.5.4
Drupal 10.5.5
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.0.12
Drupal 11.0.13
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2
Drupal 11.1.3
Drupal 11.1.4
Drupal 11.1.5
Drupal 11.1.6
Drupal 11.1.7
Drupal 11.1.8
Drupal 11.2.0
Drupal 11.2.1
Drupal 11.2.2
Drupal 11.2.3
Drupal 11.2.4
Drupal 11.2.5
Drupal 11.2.6
Drupal 11.2.7

Drupal core – Moderately critical – Gadget chain – SA-CORE-2025-006

Skrevet den 17. november 2025 af i Drupal

Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called “gadget chain” presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.3.13
Drupal 10.3.14
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 10.4.3
Drupal 10.4.4
Drupal 10.4.5
Drupal 10.4.6
Drupal 10.4.7
Drupal 10.4.8
Drupal 10.5.0
Drupal 10.5.1
Drupal 10.5.2
Drupal 10.5.3
Drupal 10.5.4
Drupal 10.5.5
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.0.12
Drupal 11.0.13
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2
Drupal 11.1.3
Drupal 11.1.4
Drupal 11.1.5
Drupal 11.1.6
Drupal 11.1.7
Drupal 11.1.8
Drupal 11.2.0
Drupal 11.2.1
Drupal 11.2.2
Drupal 11.2.3
Drupal 11.2.4
Drupal 11.2.5
Drupal 11.2.6
Drupal 11.2.7

Improper authorization in magento report module export functions

Skrevet den 11. november 2025 af i Magento

Certain export actions, such as exportsalescsv, exporttaxcsv, and others, could be accessed without verifying the correct admin ACL permissions.

This could allow a low-privileged user with access to the admin panel to export sensitive sales, tax, shipping, invoiced, refunded, coupon, or bestseller data.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1

Authenticated (author+) stored cross-site scripting in importer

Skrevet den 11. november 2025 af i Starter Templates – AI-Powered Templates

A vulnerability allowed authenticated users (Author+) to upload malicious SVG files or inject scripts during site imports, leading to stored XSS. Attackers could execute JavaScript in visitors’ browsers.

This vulnerability affects the following application versions:

Starter Templates – AI-Powered Templates 0.4.4.0
Starter Templates – AI-Powered Templates 4.2.2
Starter Templates – AI-Powered Templates 4.2.3
Starter Templates – AI-Powered Templates 4.2.4
Starter Templates – AI-Powered Templates 4.2.5
Starter Templates – AI-Powered Templates 4.2.6
Starter Templates – AI-Powered Templates 4.3.0
Starter Templates – AI-Powered Templates 4.3.1
Starter Templates – AI-Powered Templates 4.3.2
Starter Templates – AI-Powered Templates 4.3.3
Starter Templates – AI-Powered Templates 4.3.4
Starter Templates – AI-Powered Templates 4.3.5
Starter Templates – AI-Powered Templates 4.3.6
Starter Templates – AI-Powered Templates 4.3.7
Starter Templates – AI-Powered Templates 4.3.8
Starter Templates – AI-Powered Templates 4.3.9
Starter Templates – AI-Powered Templates 4.4.0

Stored XSS in admin product form via unescaped weight unit

Skrevet den 11. november 2025 af i Magento

An unescaped weight unit value was rendered in the admin product form helper, allowing a maliciously crafted weight unit string to be output into the admin UI.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.8-beta1

Contributor role privilege escalation via post status manipulation in elementor page settings

Skrevet den 11. november 2025 af i Elementor Website Builder

Failure to properly validate post status changes for contributor-level users can bypass wordpress’s intended editorial workflow by setting posts to unauthorized statuses such as ‘private’, ‘future’ (scheduled), or other restricted statuses. While the code prevents direct publishing, it doesn’t restrict Contributors to only ‘draft’ and ‘pending’ statuses as intended by wordpress’s role hierarchy.

This vulnerability affects the following application versions:

Elementor Website Builder 2.0.0
Elementor Website Builder 2.0.0-beta1
Elementor Website Builder 2.0.0-beta2
Elementor Website Builder 2.0.0-beta3
Elementor Website Builder 2.0.0-beta4
Elementor Website Builder 2.0.1
Elementor Website Builder 2.0.2
Elementor Website Builder 2.0.3
Elementor Website Builder 2.0.4
Elementor Website Builder 2.0.5
Elementor Website Builder 2.0.6
Elementor Website Builder 2.0.7
Elementor Website Builder 2.0.8
Elementor Website Builder 2.0.9
Elementor Website Builder 2.0.10
Elementor Website Builder 2.0.11
Elementor Website Builder 2.0.12
Elementor Website Builder 2.0.13
Elementor Website Builder 2.0.14
Elementor Website Builder 2.0.15
Elementor Website Builder 2.0.16
Elementor Website Builder 2.1.0
Elementor Website Builder 2.1.0-beta1
Elementor Website Builder 2.1.0-beta2
Elementor Website Builder 2.1.0-beta3
Elementor Website Builder 2.1.1
Elementor Website Builder 2.1.2
Elementor Website Builder 2.1.3
Elementor Website Builder 2.1.4
Elementor Website Builder 2.1.5
Elementor Website Builder 2.1.6
Elementor Website Builder 2.1.7
Elementor Website Builder 2.1.8
Elementor Website Builder 2.2.0
Elementor Website Builder 2.2.0-beta1
Elementor Website Builder 2.2.0-beta2
Elementor Website Builder 2.2.0-beta3
Elementor Website Builder 2.2.1
Elementor Website Builder 2.2.2
Elementor Website Builder 2.2.3
Elementor Website Builder 2.2.4
Elementor Website Builder 2.2.5
Elementor Website Builder 2.2.6
Elementor Website Builder 2.2.7
Elementor Website Builder 2.3.0
Elementor Website Builder 2.3.0-beta1
Elementor Website Builder 2.3.0-beta2
Elementor Website Builder 2.3.0-beta3
Elementor Website Builder 2.3.0-beta4
Elementor Website Builder 2.3.0-beta5
Elementor Website Builder 2.3.1
Elementor Website Builder 2.3.2
Elementor Website Builder 2.3.3
Elementor Website Builder 2.3.4
Elementor Website Builder 2.3.5
Elementor Website Builder 2.3.6
Elementor Website Builder 2.3.7
Elementor Website Builder 2.3.8
Elementor Website Builder 2.4.0
Elementor Website Builder 2.4.0-beta1
Elementor Website Builder 2.4.0-beta2
Elementor Website Builder 2.4.0-beta3
Elementor Website Builder 2.4.0-beta4
Elementor Website Builder 2.4.1
Elementor Website Builder 2.4.2
Elementor Website Builder 2.4.3
Elementor Website Builder 2.4.4
Elementor Website Builder 2.4.5
Elementor Website Builder 2.4.6
Elementor Website Builder 2.4.7
Elementor Website Builder 2.5.0
Elementor Website Builder 2.5.0-beta1
Elementor Website Builder 2.5.0-beta2
Elementor Website Builder 2.5.0-beta3
Elementor Website Builder 2.5.0-beta4
Elementor Website Builder 2.5.1
Elementor Website Builder 2.5.2
Elementor Website Builder 2.5.3
Elementor Website Builder 2.5.4
Elementor Website Builder 2.5.5
Elementor Website Builder 2.5.6
Elementor Website Builder 2.5.7
Elementor Website Builder 2.5.8
Elementor Website Builder 2.5.9
Elementor Website Builder 2.5.10
Elementor Website Builder 2.5.11
Elementor Website Builder 2.5.12
Elementor Website Builder 2.5.13
Elementor Website Builder 2.5.14
Elementor Website Builder 2.5.15
Elementor Website Builder 2.5.16
Elementor Website Builder 2.6.0
Elementor Website Builder 2.6.0-beta1
Elementor Website Builder 2.6.0-beta2
Elementor Website Builder 2.6.0-beta3
Elementor Website Builder 2.6.1
Elementor Website Builder 2.6.2
Elementor Website Builder 2.6.3
Elementor Website Builder 2.6.4
Elementor Website Builder 2.6.5
Elementor Website Builder 2.6.6
Elementor Website Builder 2.6.7
Elementor Website Builder 2.6.8
Elementor Website Builder 2.7.0
Elementor Website Builder 2.7.0-beta1
Elementor Website Builder 2.7.0-beta2
Elementor Website Builder 2.7.0-beta3
Elementor Website Builder 2.7.0-beta4
Elementor Website Builder 2.7.1
Elementor Website Builder 2.7.2
Elementor Website Builder 2.7.3
Elementor Website Builder 2.7.4
Elementor Website Builder 2.7.5
Elementor Website Builder 2.7.6
Elementor Website Builder 2.8.0
Elementor Website Builder 2.8.0-beta1
Elementor Website Builder 2.8.0-beta2
Elementor Website Builder 2.8.0-beta3
Elementor Website Builder 2.8.0-beta4
Elementor Website Builder 2.8.1
Elementor Website Builder 2.8.2
Elementor Website Builder 2.8.3
Elementor Website Builder 2.8.4
Elementor Website Builder 2.8.5
Elementor Website Builder 2.9.0
Elementor Website Builder 2.9.0-beta1
Elementor Website Builder 2.9.0-beta2
Elementor Website Builder 2.9.0-beta3
Elementor Website Builder 2.9.0-beta4
Elementor Website Builder 2.9.0-beta5
Elementor Website Builder 2.9.1
Elementor Website Builder 2.9.2
Elementor Website Builder 2.9.3
Elementor Website Builder 2.9.4
Elementor Website Builder 2.9.5
Elementor Website Builder 2.9.6
Elementor Website Builder 2.9.7
Elementor Website Builder 2.9.8
Elementor Website Builder 2.9.9
Elementor Website Builder 2.9.10
Elementor Website Builder 2.9.11
Elementor Website Builder 2.9.12
Elementor Website Builder 2.9.13
Elementor Website Builder 2.9.14
Elementor Website Builder 3.0.0
Elementor Website Builder 3.0.0-beta1
Elementor Website Builder 3.0.0-beta2
Elementor Website Builder 3.0.0-beta3
Elementor Website Builder 3.0.0-beta4
Elementor Website Builder 3.0.0-beta5
Elementor Website Builder 3.0.0-beta6
Elementor Website Builder 3.0.1
Elementor Website Builder 3.0.2
Elementor Website Builder 3.0.3
Elementor Website Builder 3.0.4
Elementor Website Builder 3.0.5
Elementor Website Builder 3.0.6
Elementor Website Builder 3.0.7
Elementor Website Builder 3.0.8
Elementor Website Builder 3.0.8.1
Elementor Website Builder 3.0.9
Elementor Website Builder 3.0.10
Elementor Website Builder 3.0.11
Elementor Website Builder 3.0.12
Elementor Website Builder 3.0.13
Elementor Website Builder 3.0.14
Elementor Website Builder 3.0.15
Elementor Website Builder 3.0.16
Elementor Website Builder 3.1.0
Elementor Website Builder 3.1.0-beta1
Elementor Website Builder 3.1.0-beta2
Elementor Website Builder 3.1.0-beta3
Elementor Website Builder 3.1.0-beta4
Elementor Website Builder 3.1.0-dev1
Elementor Website Builder 3.1.0-dev2
Elementor Website Builder 3.1.0-dev3
Elementor Website Builder 3.1.0-dev4
Elementor Website Builder 3.1.1
Elementor Website Builder 3.1.2
Elementor Website Builder 3.1.3
Elementor Website Builder 3.1.4
Elementor Website Builder 3.2.0
Elementor Website Builder 3.2.0-beta1
Elementor Website Builder 3.2.0-beta2
Elementor Website Builder 3.2.0-beta3
Elementor Website Builder 3.2.0-beta4
Elementor Website Builder 3.2.0-dev1
Elementor Website Builder 3.2.0-dev2
Elementor Website Builder 3.2.0-dev3
Elementor Website Builder 3.2.0-dev4
Elementor Website Builder 3.2.0-dev5
Elementor Website Builder 3.2.0-dev6
Elementor Website Builder 3.2.0-dev7
Elementor Website Builder 3.2.0-dev8
Elementor Website Builder 3.2.1
Elementor Website Builder 3.2.2
Elementor Website Builder 3.2.3
Elementor Website Builder 3.2.4
Elementor Website Builder 3.2.5
Elementor Website Builder 3.3.0
Elementor Website Builder 3.3.0-beta1
Elementor Website Builder 3.3.0-beta2
Elementor Website Builder 3.3.0-beta3
Elementor Website Builder 3.3.0-beta4
Elementor Website Builder 3.3.0-beta5
Elementor Website Builder 3.3.0-dev1
Elementor Website Builder 3.3.0-dev2
Elementor Website Builder 3.3.0-dev3
Elementor Website Builder 3.3.0-dev4
Elementor Website Builder 3.3.0-dev5
Elementor Website Builder 3.3.0-dev6
Elementor Website Builder 3.3.0-dev7
Elementor Website Builder 3.3.0-dev8
Elementor Website Builder 3.3.0-dev9
Elementor Website Builder 3.3.0-dev10
Elementor Website Builder 3.3.0-dev11
Elementor Website Builder 3.3.0-dev12
Elementor Website Builder 3.3.0-dev13
Elementor Website Builder 3.3.0-dev14
Elementor Website Builder 3.3.0-dev15
Elementor Website Builder 3.3.1
Elementor Website Builder 3.4.0
Elementor Website Builder 3.4.0-beta1
Elementor Website Builder 3.4.0-beta2
Elementor Website Builder 3.4.0-beta3
Elementor Website Builder 3.4.0-beta4
Elementor Website Builder 3.4.0-beta5
Elementor Website Builder 3.4.0-dev1
Elementor Website Builder 3.4.0-dev2
Elementor Website Builder 3.4.0-dev3
Elementor Website Builder 3.4.0-dev4
Elementor Website Builder 3.4.0-dev5
Elementor Website Builder 3.4.0-dev6
Elementor Website Builder 3.4.0-dev7
Elementor Website Builder 3.4.0-dev8
Elementor Website Builder 3.4.0-dev9
Elementor Website Builder 3.4.0-dev10
Elementor Website Builder 3.4.0-dev11
Elementor Website Builder 3.4.0-dev12
Elementor Website Builder 3.4.0-dev13
Elementor Website Builder 3.4.1
Elementor Website Builder 3.4.2
Elementor Website Builder 3.4.3
Elementor Website Builder 3.4.4
Elementor Website Builder 3.4.5
Elementor Website Builder 3.4.6
Elementor Website Builder 3.4.7
Elementor Website Builder 3.4.8
Elementor Website Builder 3.5.0
Elementor Website Builder 3.5.0-beta1
Elementor Website Builder 3.5.0-beta2
Elementor Website Builder 3.5.0-beta3
Elementor Website Builder 3.5.0-beta4
Elementor Website Builder 3.5.0-beta5
Elementor Website Builder 3.5.0-beta7
Elementor Website Builder 3.5.0-beta8
Elementor Website Builder 3.5.0-dev1
Elementor Website Builder 3.5.0-dev2
Elementor Website Builder 3.5.0-dev3
Elementor Website Builder 3.5.0-dev4
Elementor Website Builder 3.5.0-dev5
Elementor Website Builder 3.5.0-dev6
Elementor Website Builder 3.5.0-dev7
Elementor Website Builder 3.5.0-dev8
Elementor Website Builder 3.5.0-dev9
Elementor Website Builder 3.5.0-dev10
Elementor Website Builder 3.5.0-dev11
Elementor Website Builder 3.5.0-dev12
Elementor Website Builder 3.5.0-dev13
Elementor Website Builder 3.5.0-dev14
Elementor Website Builder 3.5.0-dev15
Elementor Website Builder 3.5.0-dev16
Elementor Website Builder 3.5.0-dev17
Elementor Website Builder 3.5.0-dev18
Elementor Website Builder 3.5.0-dev19
Elementor Website Builder 3.5.0-dev20
Elementor Website Builder 3.5.0-dev21
Elementor Website Builder 3.5.0-dev22
Elementor Website Builder 3.5.0-dev23
Elementor Website Builder 3.5.0-dev24
Elementor Website Builder 3.5.0-dev25
Elementor Website Builder 3.5.0-dev26
Elementor Website Builder 3.5.0-dev27
Elementor Website Builder 3.5.0-dev28
Elementor Website Builder 3.5.0-dev29
Elementor Website Builder 3.5.0-dev30
Elementor Website Builder 3.5.0-dev31
Elementor Website Builder 3.5.0-dev32
Elementor Website Builder 3.5.0-dev33
Elementor Website Builder 3.5.0-dev34
Elementor Website Builder 3.5.0-dev35
Elementor Website Builder 3.5.0-dev36
Elementor Website Builder 3.5.0-dev37
Elementor Website Builder 3.5.0-dev38
Elementor Website Builder 3.5.0-dev39
Elementor Website Builder 3.5.0-dev40
Elementor Website Builder 3.5.0-dev41
Elementor Website Builder 3.5.0-dev42
Elementor Website Builder 3.5.0-dev43
Elementor Website Builder 3.5.0-dev44
Elementor Website Builder 3.5.0-dev45
Elementor Website Builder 3.5.0-dev46
Elementor Website Builder 3.5.0-dev47
Elementor Website Builder 3.5.0-dev48
Elementor Website Builder 3.5.0-dev49
Elementor Website Builder 3.5.0-dev50
Elementor Website Builder 3.5.0-dev51
Elementor Website Builder 3.5.1
Elementor Website Builder 3.5.2
Elementor Website Builder 3.5.3
Elementor Website Builder 3.5.4
Elementor Website Builder 3.5.5
Elementor Website Builder 3.5.6
Elementor Website Builder 3.6.0
Elementor Website Builder 3.6.0-beta1
Elementor Website Builder 3.6.0-beta2
Elementor Website Builder 3.6.0-beta3
Elementor Website Builder 3.6.0-beta4
Elementor Website Builder 3.6.0-beta5
Elementor Website Builder 3.6.0-dev1
Elementor Website Builder 3.6.0-dev2
Elementor Website Builder 3.6.0-dev3
Elementor Website Builder 3.6.0-dev4
Elementor Website Builder 3.6.0-dev5
Elementor Website Builder 3.6.0-dev6
Elementor Website Builder 3.6.0-dev7
Elementor Website Builder 3.6.0-dev8
Elementor Website Builder 3.6.0-dev9
Elementor Website Builder 3.6.0-dev10
Elementor Website Builder 3.6.0-dev11
Elementor Website Builder 3.6.0-dev13
Elementor Website Builder 3.6.0-dev14
Elementor Website Builder 3.6.0-dev16
Elementor Website Builder 3.6.0-dev17
Elementor Website Builder 3.6.0-dev18
Elementor Website Builder 3.6.0-dev19
Elementor Website Builder 3.6.0-dev20
Elementor Website Builder 3.6.0-dev21
Elementor Website Builder 3.6.0-dev22
Elementor Website Builder 3.6.0-dev24
Elementor Website Builder 3.6.0-dev25
Elementor Website Builder 3.6.0-dev26
Elementor Website Builder 3.6.0-dev27
Elementor Website Builder 3.6.0-dev28
Elementor Website Builder 3.6.0-dev29
Elementor Website Builder 3.6.0-dev30
Elementor Website Builder 3.6.0-dev31
Elementor Website Builder 3.6.0-dev32
Elementor Website Builder 3.6.0-dev33
Elementor Website Builder 3.6.0-dev34
Elementor Website Builder 3.6.0-dev35
Elementor Website Builder 3.6.0-dev36
Elementor Website Builder 3.6.0-dev37
Elementor Website Builder 3.6.0-dev38
Elementor Website Builder 3.6.0-dev39
Elementor Website Builder 3.6.0-dev40
Elementor Website Builder 3.6.0-dev41
Elementor Website Builder 3.6.0-dev42
Elementor Website Builder 3.6.0-dev43
Elementor Website Builder 3.6.0-dev44
Elementor Website Builder 3.6.0-dev45
Elementor Website Builder 3.6.1
Elementor Website Builder 3.6.2
Elementor Website Builder 3.6.3
Elementor Website Builder 3.6.4
Elementor Website Builder 3.6.5
Elementor Website Builder 3.6.6
Elementor Website Builder 3.6.7
Elementor Website Builder 3.6.8
Elementor Website Builder 3.7.0
Elementor Website Builder 3.7.0-beta1
Elementor Website Builder 3.7.0-beta2
Elementor Website Builder 3.7.0-beta3
Elementor Website Builder 3.7.0-beta4
Elementor Website Builder 3.7.0-dev1
Elementor Website Builder 3.7.0-dev2
Elementor Website Builder 3.7.0-dev3
Elementor Website Builder 3.7.0-dev4
Elementor Website Builder 3.7.0-dev5
Elementor Website Builder 3.7.0-dev6
Elementor Website Builder 3.7.0-dev7
Elementor Website Builder 3.7.0-dev8
Elementor Website Builder 3.7.0-dev9
Elementor Website Builder 3.7.0-dev10
Elementor Website Builder 3.7.1
Elementor Website Builder 3.7.2
Elementor Website Builder 3.7.3
Elementor Website Builder 3.7.4
Elementor Website Builder 3.7.5
Elementor Website Builder 3.7.6
Elementor Website Builder 3.7.7
Elementor Website Builder 3.7.8
Elementor Website Builder 3.8.0
Elementor Website Builder 3.8.0-beta1
Elementor Website Builder 3.8.0-beta2
Elementor Website Builder 3.8.0-beta3
Elementor Website Builder 3.8.0-beta4
Elementor Website Builder 3.8.0-beta5
Elementor Website Builder 3.8.0-beta6
Elementor Website Builder 3.8.0-dev1
Elementor Website Builder 3.8.0-dev2
Elementor Website Builder 3.8.0-dev3
Elementor Website Builder 3.8.0-dev4
Elementor Website Builder 3.8.1
Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev1
Elementor Website Builder 3.9.0-dev2
Elementor Website Builder 3.9.0-dev3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6

Stored XSS vulnerability in admin dashboard order grid due to unescaped currency code

Skrevet den 11. november 202514. maj 2026 af i Magento

An issue was identified where unescaped currency codes were rendered in the admin dashboard order grid. This could allow stored cross-site scripting (XSS) if a malicious value was injected into the currency code.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.8
Magento 2.4.8-beta1
Magento 2.4.8-beta2
Magento 2.4.8-p1
Magento 2.4.8-p2
Magento 2.4.8-p3
Magento 2.4.8-p4
Magento 2.4.8-p5
Magento 2.4.9
Magento 2.4.9-alpha1
Magento 2.4.9-alpha2
Magento 2.4.9-alpha3
Magento 2.4.9-beta1

Dom-based stored cross-site scripting via ‘data-gallery-items’

Skrevet den 11. november 2025 af i Essential Addons for Elementor

DOM-Based Stored Cross-Site Scripting available via the ‘data-gallery-items’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3
Essential Addons for Elementor 6.0.4
Essential Addons for Elementor 6.0.5
Essential Addons for Elementor 6.0.6
Essential Addons for Elementor 6.0.7
Essential Addons for Elementor 6.0.8
Essential Addons for Elementor 6.0.9
Essential Addons for Elementor 6.0.10
Essential Addons for Elementor 6.0.11
Essential Addons for Elementor 6.0.12
Essential Addons for Elementor 6.0.13
Essential Addons for Elementor 6.0.14
Essential Addons for Elementor 6.0.15
Essential Addons for Elementor 6.1.0
Essential Addons for Elementor 6.1.1
Essential Addons for Elementor 6.1.2
Essential Addons for Elementor 6.1.3
Essential Addons for Elementor 6.1.4
Essential Addons for Elementor 6.1.5
Essential Addons for Elementor 6.1.6
Essential Addons for Elementor 6.1.7
Essential Addons for Elementor 6.1.8
Essential Addons for Elementor 6.1.9
Essential Addons for Elementor 6.1.10
Essential Addons for Elementor 6.1.11
Essential Addons for Elementor 6.1.12
Essential Addons for Elementor 6.1.13
Essential Addons for Elementor 6.1.14
Essential Addons for Elementor 6.1.15
Essential Addons for Elementor 6.1.17
Essential Addons for Elementor 6.1.18
Essential Addons for Elementor 6.1.19
Essential Addons for Elementor 6.1.20
Essential Addons for Elementor 6.2.0
Essential Addons for Elementor 6.2.1
Essential Addons for Elementor 6.2.2

Improper Authorization Vulnerability in Rate Export

Skrevet den 11. november 2025 af i Magento

This issue could allow a low-privileged attacker to bypass security measures and modify minor information. No user interaction is required for exploitation.

This vulnerability affects the following application versions:

Magento 0.42.0-beta4
Magento 0.42.0-beta5
Magento 0.42.0-beta6
Magento 0.42.0-beta7
Magento 0.42.0-beta8
Magento 0.42.0-beta9
Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1

Input Validation in admin html export

Skrevet den 28. oktober 2025 af i Magento

This flaw could allow an unauthenticated attacker to exploit improper input validation, potentially leading to a security feature bypass and the ability to modify files outside restricted directories. Exploitation does not require user interaction.

This vulnerability affects the following application versions:

Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.8-beta1

Stored cross-site scripting via fancy text widget

Skrevet den 28. oktober 2025 af i Essential Addons for Elementor

Stored cross-site scripting available via the plugin’s fancy text widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27
Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3

Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading

Skrevet den 28. oktober 2025 af i InfiniteWP Client

Information disclosure via unauthenticated limited directory traversal in debug-chart/index.php, allowing reading of arbitrary .txt files in the backups directory.

This vulnerability affects the following application versions:

InfiniteWP Client 1.9.4.1
InfiniteWP Client 1.9.4.4
InfiniteWP Client 1.9.4.5
InfiniteWP Client 1.9.4.6
InfiniteWP Client 1.9.4.8.2
InfiniteWP Client 1.9.4.11
InfiniteWP Client 1.9.6
InfiniteWP Client 1.9.8
InfiniteWP Client 1.9.9
InfiniteWP Client 1.11.0
InfiniteWP Client 1.11.1
InfiniteWP Client 1.12.1
InfiniteWP Client 1.12.3
InfiniteWP Client 1.12.3.1
InfiniteWP Client 1.12.5
InfiniteWP Client 1.13.0

Improper Authorization vulnerability in newsletter module

Skrevet den 28. oktober 2025 af i Magento

Improper Authorization vulnerability available that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1

Authenticated (Admin+) Stored Cross-Site Scripting via admin settings

Skrevet den 27. oktober 2025 af i Ninja Forms – The Contact Form Builder

Authenticated admins can inject malicious scripts into settings, executed on affected pages for other users.

This vulnerability affects the following application versions:

Ninja Forms – The Contact Form Builder 3.8.6
Ninja Forms – The Contact Form Builder 3.8.7
Ninja Forms – The Contact Form Builder 3.8.8
Ninja Forms – The Contact Form Builder 3.8.9
Ninja Forms – The Contact Form Builder 3.8.10
Ninja Forms – The Contact Form Builder 3.8.11
Ninja Forms – The Contact Form Builder 3.8.12
Ninja Forms – The Contact Form Builder 3.8.13
Ninja Forms – The Contact Form Builder 3.8.14
Ninja Forms – The Contact Form Builder 3.8.15
Ninja Forms – The Contact Form Builder 3.8.16
Ninja Forms – The Contact Form Builder 3.8.17

Stored cross-site scripting in essential addons for elementor via unvalidated template id

Skrevet den 27. oktober 202524. maj 2026 af i Essential Addons for Elementor

Essential Addons for Elementor ≤ 6.1.9 lets Contributor-level users execute arbitrary JavaScript in viewers’ browsers by referencing a draft post ID in widget template settings, which the plugin renders without verifying it is a published elementor_library template.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.2
Essential Addons for Elementor 4.3.3
Essential Addons for Elementor 4.3.4
Essential Addons for Elementor 4.3.5
Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27
Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3
Essential Addons for Elementor 6.0.4
Essential Addons for Elementor 6.0.5
Essential Addons for Elementor 6.0.6
Essential Addons for Elementor 6.0.7
Essential Addons for Elementor 6.0.8
Essential Addons for Elementor 6.0.9
Essential Addons for Elementor 6.0.10
Essential Addons for Elementor 6.0.11
Essential Addons for Elementor 6.0.12
Essential Addons for Elementor 6.0.13
Essential Addons for Elementor 6.0.14
Essential Addons for Elementor 6.0.15
Essential Addons for Elementor 6.1.0
Essential Addons for Elementor 6.1.1
Essential Addons for Elementor 6.1.2
Essential Addons for Elementor 6.1.3
Essential Addons for Elementor 6.1.4
Essential Addons for Elementor 6.1.5
Essential Addons for Elementor 6.1.6
Essential Addons for Elementor 6.1.7
Essential Addons for Elementor 6.1.8
Essential Addons for Elementor 6.1.9

Authenticated (contributor+) sensitive information exposure via Login&Register widget.

Skrevet den 27. oktober 2025 af i Essential Addons for Elementor

The essential addons for elemento is vulnerable to sensitive information exposure via the ‘init_content_register_user_email_controls’ function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the login register form widget.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.0
Essential Addons for Elementor 4.3.1
Essential Addons for Elementor 4.3.2
Essential Addons for Elementor 4.3.3
Essential Addons for Elementor 4.3.4
Essential Addons for Elementor 4.3.5
Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27
Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3
Essential Addons for Elementor 6.0.4
Essential Addons for Elementor 6.0.5
Essential Addons for Elementor 6.0.6
Essential Addons for Elementor 6.0.7
Essential Addons for Elementor 6.0.8
Essential Addons for Elementor 6.0.9
Essential Addons for Elementor 6.0.10
Essential Addons for Elementor 6.0.11
Essential Addons for Elementor 6.0.12
Essential Addons for Elementor 6.0.13
Essential Addons for Elementor 6.0.14
Essential Addons for Elementor 6.0.15
Essential Addons for Elementor 6.1.0
Essential Addons for Elementor 6.1.1
Essential Addons for Elementor 6.1.2
Essential Addons for Elementor 6.1.3
Essential Addons for Elementor 6.1.4
Essential Addons for Elementor 6.1.5

XSS in the Filterable Gallery

Skrevet den 16. oktober 202518. oktober 2025 af i Essential Addons for Elementor

A stored cross-site scripting (XSS) vulnerability exists in the plugin via the “No More Items Text” parameter in the Filterable Gallery. Malicious JavaScript can be injected through this field.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27

Hidden login page location disclosure

Skrevet den 16. oktober 2025 af i WPS Hide Login

The plugin is vulnerable to login page disclosure which makes it possible for unauthenticated attackers to bypass an intended security restriction designed to prevent brute force authentication attempts on multi-site installations.

This vulnerability affects the following application versions:

WPS Hide Login 1.5
WPS Hide Login 1.5.1
WPS Hide Login 1.5.2
WPS Hide Login 1.5.2.1
WPS Hide Login 1.5.2.2
WPS Hide Login 1.5.3
WPS Hide Login 1.5.4
WPS Hide Login 1.5.4.1
WPS Hide Login 1.5.4.2
WPS Hide Login 1.5.5
WPS Hide Login 1.5.6
WPS Hide Login 1.5.7
WPS Hide Login 1.6
WPS Hide Login 1.6.1
WPS Hide Login 1.7
WPS Hide Login 1.8
WPS Hide Login 1.8.1
WPS Hide Login 1.8.2
WPS Hide Login 1.8.3
WPS Hide Login 1.8.4
WPS Hide Login 1.8.5
WPS Hide Login 1.8.6
WPS Hide Login 1.8.7
WPS Hide Login 1.8.8
WPS Hide Login 1.9
WPS Hide Login 1.9.1
WPS Hide Login 1.9.2
WPS Hide Login 1.9.3
WPS Hide Login 1.9.4
WPS Hide Login 1.9.5
WPS Hide Login 1.9.6
WPS Hide Login 1.9.7
WPS Hide Login 1.9.8
WPS Hide Login 1.9.9
WPS Hide Login 1.9.10
WPS Hide Login 1.9.11

Improved permission validation in the Template Library

Skrevet den 16. oktober 202518. oktober 2025 af i Elementor Website Builder

Fixed insufficient permission checks in the Template Library that could allow unauthorized users to access restricted templates.

This vulnerability affects the following application versions:

Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev3

XSS in nav menus

Skrevet den 8. oktober 202518. oktober 2025 af i WordPress

A cross-site scripting (XSS) vulnerability requiring an authenticated user role that affects the nav menus.

This vulnerability affects the following application versions:

WordPress 4.3
WordPress 4.3.1
WordPress 4.3.2
WordPress 4.3.3
WordPress 4.3.4
WordPress 4.3.5
WordPress 4.3.6
WordPress 4.3.7
WordPress 4.3.8
WordPress 4.3.9
WordPress 4.3.10
WordPress 4.3.11
WordPress 4.3.12
WordPress 4.3.13
WordPress 4.3.14
WordPress 4.3.15
WordPress 4.3.16
WordPress 4.3.17
WordPress 4.3.18
WordPress 4.3.19
WordPress 4.3.20
WordPress 4.3.21
WordPress 4.3.22
WordPress 4.3.23
WordPress 4.3.24
WordPress 4.3.25
WordPress 4.3.26
WordPress 4.3.27
WordPress 4.3.28
WordPress 4.3.29
WordPress 4.3.30
WordPress 4.3.31
WordPress 4.3.32
WordPress 4.3.33
WordPress 4.3.34
WordPress 4.3.35
WordPress 4.4
WordPress 4.4.1
WordPress 4.4.2
WordPress 4.4.3
WordPress 4.4.4
WordPress 4.4.5
WordPress 4.4.6
WordPress 4.4.7
WordPress 4.4.8
WordPress 4.4.9
WordPress 4.4.10
WordPress 4.4.11
WordPress 4.4.12
WordPress 4.4.13
WordPress 4.4.14
WordPress 4.4.15
WordPress 4.4.16
WordPress 4.4.17
WordPress 4.4.18
WordPress 4.4.19
WordPress 4.4.20
WordPress 4.4.21
WordPress 4.4.22
WordPress 4.4.23
WordPress 4.4.24
WordPress 4.4.25
WordPress 4.4.26
WordPress 4.4.27
WordPress 4.4.28
WordPress 4.4.29
WordPress 4.4.30
WordPress 4.4.31
WordPress 4.4.32
WordPress 4.4.33
WordPress 4.4.34
WordPress 4.5
WordPress 4.5.1
WordPress 4.5.2
WordPress 4.5.3
WordPress 4.5.4
WordPress 4.5.5
WordPress 4.5.6
WordPress 4.5.7
WordPress 4.5.8
WordPress 4.5.9
WordPress 4.5.10
WordPress 4.5.11
WordPress 4.5.12
WordPress 4.5.13
WordPress 4.5.14
WordPress 4.5.15
WordPress 4.5.16
WordPress 4.5.17
WordPress 4.5.18
WordPress 4.5.19
WordPress 4.5.20
WordPress 4.5.21
WordPress 4.5.22
WordPress 4.5.23
WordPress 4.5.24
WordPress 4.5.25
WordPress 4.5.26
WordPress 4.5.27
WordPress 4.5.28
WordPress 4.5.29
WordPress 4.5.30
WordPress 4.5.31
WordPress 4.5.32
WordPress 4.5.33
WordPress 4.6
WordPress 4.6.1
WordPress 4.6.2
WordPress 4.6.3
WordPress 4.6.4
WordPress 4.6.5
WordPress 4.6.6
WordPress 4.6.7
WordPress 4.6.8
WordPress 4.6.9
WordPress 4.6.10
WordPress 4.6.11
WordPress 4.6.12
WordPress 4.6.13
WordPress 4.6.14
WordPress 4.6.15
WordPress 4.6.16
WordPress 4.6.17
WordPress 4.6.18
WordPress 4.6.19
WordPress 4.6.20
WordPress 4.6.21
WordPress 4.6.22
WordPress 4.6.23
WordPress 4.6.24
WordPress 4.6.25
WordPress 4.6.26
WordPress 4.6.27
WordPress 4.6.28
WordPress 4.6.29
WordPress 4.6.30
WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.7.12
WordPress 4.7.13
WordPress 4.7.14
WordPress 4.7.15
WordPress 4.7.16
WordPress 4.7.17
WordPress 4.7.18
WordPress 4.7.19
WordPress 4.7.20
WordPress 4.7.21
WordPress 4.7.22
WordPress 4.7.23
WordPress 4.7.24
WordPress 4.7.25
WordPress 4.7.26
WordPress 4.7.27
WordPress 4.7.28
WordPress 4.7.29
WordPress 4.7.30
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.10
WordPress 4.8.11
WordPress 4.8.12
WordPress 4.8.13
WordPress 4.8.14
WordPress 4.8.15
WordPress 4.8.16
WordPress 4.8.17
WordPress 4.8.18
WordPress 4.8.19
WordPress 4.8.20
WordPress 4.8.21
WordPress 4.8.22
WordPress 4.8.23
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.8.8
WordPress 4.8.9
WordPress 4.8.24
WordPress 4.8.25
WordPress 4.8.26
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6
WordPress 4.9.7
WordPress 4.9.8
WordPress 4.9.9
WordPress 4.9.10
WordPress 4.9.11
WordPress 4.9.12
WordPress 4.9.13
WordPress 4.9.14
WordPress 4.9.15
WordPress 4.9.16
WordPress 4.9.17
WordPress 4.9.18
WordPress 4.9.19
WordPress 4.9.20
WordPress 4.9.21
WordPress 4.9.22
WordPress 4.9.23
WordPress 4.9.24
WordPress 4.9.25
WordPress 4.9.26
WordPress 4.9.27
WordPress 5.0
WordPress 5.0.1
WordPress 5.0.10
WordPress 5.0.11
WordPress 5.0.12
WordPress 5.0.13
WordPress 5.0.14
WordPress 5.0.15
WordPress 5.0.2
WordPress 5.0.3
WordPress 5.0.4
WordPress 5.0.6
WordPress 5.0.7
WordPress 5.0.8
WordPress 5.0.9
WordPress 5.0.16
WordPress 5.0.17
WordPress 5.0.18
WordPress 5.0.19
WordPress 5.0.20
WordPress 5.0.21
WordPress 5.0.22
WordPress 5.0.23
WordPress 5.0 Beta 1
WordPress 5.0 Beta 2
WordPress 5.0 Beta 3
WordPress 5.0 Beta 4
WordPress 5.0 RC1
WordPress 5.0 RC2
WordPress 5.0 RC3
WordPress 5.1
WordPress 5.1.1
WordPress 5.1.10
WordPress 5.1.11
WordPress 5.1.12
WordPress 5.1.13
WordPress 5.1.14
WordPress 5.1.15
WordPress 5.1.16
WordPress 5.1.17
WordPress 5.1.18
WordPress 5.1.19
WordPress 5.1.2
WordPress 5.1.20
WordPress 5.1.3
WordPress 5.1.4
WordPress 5.1.5
WordPress 5.1.6
WordPress 5.1.7
WordPress 5.1.8
WordPress 5.1.9
WordPress 5.2
WordPress 5.2.1
WordPress 5.2.2
WordPress 5.2 Beta 1
WordPress 5.2 Beta 2
WordPress 5.8
WordPress 5.8.1
WordPress 5.8.10
WordPress 5.8.11
WordPress 5.8.2
WordPress 5.8.3
WordPress 5.8.4
WordPress 5.8.5
WordPress 5.8.6
WordPress 5.8.7
WordPress 5.8.8
WordPress 5.8.9
WordPress 5.9
WordPress 5.9.1
WordPress 5.9.10
WordPress 5.9.11
WordPress 5.9.2
WordPress 5.9.3
WordPress 5.9.4
WordPress 5.9.5
WordPress 5.9.6
WordPress 5.9.7
WordPress 5.9.8
WordPress 5.9.9
WordPress 6.0
WordPress 6.0.1
WordPress 6.0.10
WordPress 6.0.2
WordPress 6.0.3
WordPress 6.0.4
WordPress 6.0.5
WordPress 6.0.6
WordPress 6.0.7
WordPress 6.0.8
WordPress 6.0.9
WordPress 6.1
WordPress 6.1.1
WordPress 6.1.2
WordPress 6.1.3
WordPress 6.1.4
WordPress 6.1.5
WordPress 6.1.6
WordPress 6.1.7
WordPress 6.1.8
WordPress 6.2
WordPress 6.2.1
WordPress 6.2.2
WordPress 6.2.3
WordPress 6.2.4
WordPress 6.2.5
WordPress 6.2.6
WordPress 6.2.7
WordPress 6.3
WordPress 6.3.1
WordPress 6.3.2
WordPress 6.3.3
WordPress 6.3.4
WordPress 6.3.5
WordPress 6.3.6
WordPress 6.4
WordPress 6.4.1
WordPress 6.4.2
WordPress 6.4.3
WordPress 6.4.4
WordPress 6.4.5
WordPress 6.4.6
WordPress 6.5
WordPress 6.5.2
WordPress 6.5.3
WordPress 6.5.4
WordPress 6.5.5
WordPress 6.5.6
WordPress 6.6
WordPress 6.6.1
WordPress 6.6.2
WordPress 6.6.3
WordPress 6.7
WordPress 6.7.1
WordPress 6.7.2
WordPress 6.7.3
WordPress 6.8
WordPress 6.8.1
WordPress 6.8.2

[20250901] – Inadequate content filtering within the checkAttribute filter code

Skrevet den 3. oktober 2025 af i Joomla

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.

This vulnerability affects the following application versions:

Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5
Joomla 3.9.6
Joomla 3.9.7
Joomla 3.9.8
Joomla 3.9.9
Joomla 3.9.10
Joomla 3.9.11
Joomla 3.9.12
Joomla 3.9.13
Joomla 3.9.14
Joomla 3.9.15
Joomla 3.9.16
Joomla 3.9.17
Joomla 3.9.18
Joomla 3.9.19
Joomla 3.9.20
Joomla 3.9.21
Joomla 3.9.22
Joomla 3.9.23
Joomla 3.9.24
Joomla 3.9.25
Joomla 3.9.26
Joomla 3.9.27
Joomla 3.9.28
Joomla 3.10.0
Joomla 3.10.1
Joomla 3.10.2
Joomla 3.10.3
Joomla 3.10.4
Joomla 3.10.5
Joomla 3.10.6
Joomla 3.10.7
Joomla 3.10.8
Joomla 3.10.9
Joomla 3.10.10
Joomla 3.10.11
Joomla 3.10.12
Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 4.4.13
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5
Joomla 5.2.6
Joomla 5.3.0
Joomla 5.3.1
Joomla 5.3.2
Joomla 5.3.3

[20250902] – User-Enumeration in passkey authentication method

Skrevet den 3. oktober 2025 af i Joomla

Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.

This vulnerability affects the following application versions:

Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 4.4.13
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5
Joomla 5.2.6
Joomla 5.3.0
Joomla 5.3.1
Joomla 5.3.2
Joomla 5.3.3

Authorization bypass allows access to restricted content

Skrevet den 3. oktober 2025 af i WordPress

A data exposure vulnerability was identified where authenticated users, despite having valid accounts, were able to access restricted content that should have been limited to higher-privileged roles. This flaw allowed users to view sensitive or otherwise unauthorized data by bypassing proper access control checks.

This vulnerability affects the following application versions:

WordPress 4.7
WordPress 4.7.1
WordPress 4.7.2
WordPress 4.7.3
WordPress 4.7.4
WordPress 4.7.5
WordPress 4.7.6
WordPress 4.7.7
WordPress 4.7.8
WordPress 4.7.9
WordPress 4.7.10
WordPress 4.7.11
WordPress 4.7.12
WordPress 4.7.13
WordPress 4.7.14
WordPress 4.7.15
WordPress 4.7.16
WordPress 4.7.17
WordPress 4.7.18
WordPress 4.7.19
WordPress 4.7.20
WordPress 4.7.21
WordPress 4.7.22
WordPress 4.7.23
WordPress 4.7.24
WordPress 4.7.25
WordPress 4.7.26
WordPress 4.7.27
WordPress 4.7.28
WordPress 4.7.29
WordPress 4.7.30
WordPress 4.8
WordPress 4.8.1
WordPress 4.8.2
WordPress 4.8.3
WordPress 4.8.4
WordPress 4.8.5
WordPress 4.8.6
WordPress 4.8.7
WordPress 4.8.8
WordPress 4.8.9
WordPress 4.8.10
WordPress 4.8.11
WordPress 4.8.12
WordPress 4.8.13
WordPress 4.8.14
WordPress 4.8.15
WordPress 4.8.16
WordPress 4.8.17
WordPress 4.8.18
WordPress 4.8.19
WordPress 4.8.20
WordPress 4.8.21
WordPress 4.8.22
WordPress 4.8.23
WordPress 4.8.24
WordPress 4.8.25
WordPress 4.8.26
WordPress 4.9
WordPress 4.9.1
WordPress 4.9.2
WordPress 4.9.3
WordPress 4.9.4
WordPress 4.9.5
WordPress 4.9.6
WordPress 4.9.7
WordPress 4.9.10
WordPress 4.9.11
WordPress 4.9.12
WordPress 4.9.13
WordPress 4.9.14
WordPress 4.9.15
WordPress 4.9.16
WordPress 4.9.17
WordPress 4.9.18
WordPress 4.9.19
WordPress 4.9.20
WordPress 4.9.21
WordPress 4.9.22
WordPress 4.9.23
WordPress 4.9.24
WordPress 4.9.25
WordPress 4.9.26
WordPress 4.9.27
WordPress 4.9.8
WordPress 4.9.9
WordPress 5.0
WordPress 5.0.1
WordPress 5.0.2
WordPress 5.0.3
WordPress 5.0.4
WordPress 5.0.6
WordPress 5.0.7
WordPress 5.0.8
WordPress 5.0.9
WordPress 5.0.10
WordPress 5.0.11
WordPress 5.0.12
WordPress 5.0.13
WordPress 5.0.14
WordPress 5.0.15
WordPress 5.0.16
WordPress 5.0.17
WordPress 5.0.18
WordPress 5.0.19
WordPress 5.0.20
WordPress 5.0.21
WordPress 5.0.22
WordPress 5.0.23
WordPress 5.0 Beta 1
WordPress 5.0 Beta 2
WordPress 5.0 Beta 3
WordPress 5.0 Beta 4
WordPress 5.0 RC1
WordPress 5.0 RC2
WordPress 5.0 RC3
WordPress 5.1
WordPress 5.1.1
WordPress 5.1.10
WordPress 5.1.11
WordPress 5.1.12
WordPress 5.1.13
WordPress 5.1.14
WordPress 5.1.15
WordPress 5.1.16
WordPress 5.1.17
WordPress 5.1.18
WordPress 5.1.19
WordPress 5.1.2
WordPress 5.1.20
WordPress 5.1.3
WordPress 5.1.4
WordPress 5.1.5
WordPress 5.1.6
WordPress 5.1.7
WordPress 5.1.8
WordPress 5.1.9
WordPress 5.2
WordPress 5.2.1
WordPress 5.2.10
WordPress 5.2.11
WordPress 5.2.12
WordPress 5.2.13
WordPress 5.2.14
WordPress 5.2.15
WordPress 5.2.16
WordPress 5.2.17
WordPress 5.2.18
WordPress 5.2.19
WordPress 5.2.2
WordPress 5.2.20
WordPress 5.2.21
WordPress 5.2.22
WordPress 5.2.3
WordPress 5.2.4
WordPress 5.2.5
WordPress 5.2.6
WordPress 5.2.7
WordPress 5.2.8
WordPress 5.2.9
WordPress 5.2 Beta 1
WordPress 5.2 Beta 2
WordPress 5.3
WordPress 5.3.1
WordPress 5.3.10
WordPress 5.3.11
WordPress 5.3.12
WordPress 5.3.13
WordPress 5.3.14
WordPress 5.3.15
WordPress 5.3.16
WordPress 5.3.17
WordPress 5.3.18
WordPress 5.3.19
WordPress 5.3.2
WordPress 5.3.3
WordPress 5.3.4
WordPress 5.3.5
WordPress 5.3.6
WordPress 5.3.7
WordPress 5.3.8
WordPress 5.3.9
WordPress 5.4
WordPress 5.4.1
WordPress 5.4.10
WordPress 5.4.11
WordPress 5.4.12
WordPress 5.4.13
WordPress 5.4.14
WordPress 5.4.15
WordPress 5.4.16
WordPress 5.4.17
WordPress 5.4.2
WordPress 5.4.3
WordPress 5.4.4
WordPress 5.4.5
WordPress 5.4.6
WordPress 5.4.7
WordPress 5.4.8
WordPress 5.4.9
WordPress 5.5
WordPress 5.5.1
WordPress 5.5.10
WordPress 5.5.11
WordPress 5.5.12
WordPress 5.5.13
WordPress 5.5.14
WordPress 5.5.15
WordPress 5.5.16
WordPress 5.5.2
WordPress 5.5.3
WordPress 5.5.4
WordPress 5.5.5
WordPress 5.5.6
WordPress 5.5.7
WordPress 5.5.8
WordPress 5.5.9
WordPress 5.6
WordPress 5.6.1
WordPress 5.6.10
WordPress 5.6.11
WordPress 5.6.12
WordPress 5.6.13
WordPress 5.6.14
WordPress 5.6.15
WordPress 5.6.2
WordPress 5.6.3
WordPress 5.6.4
WordPress 5.6.5
WordPress 5.6.6
WordPress 5.6.7
WordPress 5.6.8
WordPress 5.6.9
WordPress 5.7
WordPress 5.7.1
WordPress 5.7.10
WordPress 5.7.11
WordPress 5.7.12
WordPress 5.7.13
WordPress 5.7.2
WordPress 5.7.3
WordPress 5.7.4
WordPress 5.7.5
WordPress 5.7.6
WordPress 5.7.7
WordPress 5.7.8
WordPress 5.7.9
WordPress 5.8
WordPress 5.8.1
WordPress 5.8.10
WordPress 5.8.11
WordPress 5.8.2
WordPress 5.8.3
WordPress 5.8.4
WordPress 5.8.5
WordPress 5.8.6
WordPress 5.8.7
WordPress 5.8.8
WordPress 5.8.9
WordPress 5.9
WordPress 5.9.1
WordPress 5.9.10
WordPress 5.9.11
WordPress 5.9.2
WordPress 5.9.3
WordPress 5.9.4
WordPress 5.9.5
WordPress 5.9.6
WordPress 5.9.7
WordPress 5.9.8
WordPress 5.9.9
WordPress 6.0
WordPress 6.0.1
WordPress 6.0.10
WordPress 6.0.2
WordPress 6.0.3
WordPress 6.0.4
WordPress 6.0.5
WordPress 6.0.6
WordPress 6.0.7
WordPress 6.0.8
WordPress 6.0.9
WordPress 6.1
WordPress 6.1.1
WordPress 6.1.2
WordPress 6.1.3
WordPress 6.1.4
WordPress 6.1.5
WordPress 6.1.6
WordPress 6.1.7
WordPress 6.1.8
WordPress 6.2
WordPress 6.2.1
WordPress 6.2.2
WordPress 6.2.3
WordPress 6.2.4
WordPress 6.2.5
WordPress 6.2.6
WordPress 6.2.7
WordPress 6.3
WordPress 6.3.1
WordPress 6.3.2
WordPress 6.3.3
WordPress 6.3.4
WordPress 6.3.5
WordPress 6.3.6
WordPress 6.4
WordPress 6.4.1
WordPress 6.4.2
WordPress 6.4.3
WordPress 6.4.4
WordPress 6.4.5
WordPress 6.4.6
WordPress 6.5
WordPress 6.5.2
WordPress 6.5.3
WordPress 6.5.4
WordPress 6.5.5
WordPress 6.5.6
WordPress 6.6
WordPress 6.6.1
WordPress 6.6.2
WordPress 6.6.3
WordPress 6.7
WordPress 6.7.1
WordPress 6.7.2
WordPress 6.7.3
WordPress 6.8
WordPress 6.8.1
WordPress 6.8.2

Presta Shop vulnerable to email enumeration

Skrevet den 1. oktober 202524. maj 2026 af i PrestaShop

An unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate valid back-office employee email addresses.

This vulnerability affects the following application versions:

PrestaShop 1.7.0.0
PrestaShop 1.7.0.0 alpha3
PrestaShop 1.7.0.0 alpha4
PrestaShop 1.7.0.0 beta1
PrestaShop 1.7.0.0 beta2
PrestaShop 1.7.0.0 beta3
PrestaShop 1.7.0.0 RC0
PrestaShop 1.7.0.0 RC1
PrestaShop 1.7.0.0 RC2
PrestaShop 1.7.0.0 RC3
PrestaShop 1.7.0.1
PrestaShop 1.7.0.2
PrestaShop 1.7.0.3
PrestaShop 1.7.0.4
PrestaShop 1.7.0.5
PrestaShop 1.7.0.6
PrestaShop 1.7.1.0
PrestaShop 1.7.1.0 beta1
PrestaShop 1.7.1.1
PrestaShop 1.7.1.2
PrestaShop 1.7.2.0
PrestaShop 1.7.2.0 RC 1
PrestaShop 1.7.2.0-RC.1.0
PrestaShop 1.7.2.1
PrestaShop 1.7.2.2
PrestaShop 1.7.2.3
PrestaShop 1.7.2.4
PrestaShop 1.7.2.5
PrestaShop 1.7.3.0
PrestaShop 1.7.3.0 beta 1
PrestaShop 1.7.3.0 RC 1
PrestaShop 1.7.3.1
PrestaShop 1.7.3.2
PrestaShop 1.7.3.3
PrestaShop 1.7.3.4
PrestaShop 1.7.4.0
PrestaShop 1.7.4.0 beta 1
PrestaShop 1.7.4.1
PrestaShop 1.7.4.2
PrestaShop 1.7.4.3
PrestaShop 1.7.4.4
PrestaShop 1.7.5.0
PrestaShop 1.7.5.0 beta 1
PrestaShop 1.7.5.0 RC 1
PrestaShop 1.7.5.0-beta.1
PrestaShop 1.7.5.0-RC.1
PrestaShop 1.7.5.1
PrestaShop 1.7.5.2
PrestaShop 1.7.6.0
PrestaShop 1.7.6.0 beta 1
PrestaShop 1.7.6.0 RC 1
PrestaShop 1.7.6.0 RC 2
PrestaShop 1.7.6.0-beta.1
PrestaShop 1.7.6.0-RC.1
PrestaShop 1.7.6.0-RC.2
PrestaShop 1.7.6.1
PrestaShop 1.7.6.2
PrestaShop 1.7.6.3
PrestaShop 1.7.6.4
PrestaShop 1.7.6.4 1
PrestaShop 1.7.6.5
PrestaShop 1.7.6.5 1
PrestaShop 1.7.6.6
PrestaShop 1.7.6.7
PrestaShop 1.7.6.8
PrestaShop 1.7.6.9
PrestaShop 1.7.7.0
PrestaShop 1.7.7.0 beta 1
PrestaShop 1.7.7.0 beta 2
PrestaShop 1.7.7.0 RC 1
PrestaShop 1.7.7.0-beta.1
PrestaShop 1.7.7.0-beta.2
PrestaShop 1.7.7.0-RC.1
PrestaShop 1.7.7.1
PrestaShop 1.7.7.2
PrestaShop 1.7.7.3
PrestaShop 1.7.7.4
PrestaShop 1.7.7.5
PrestaShop 1.7.7.6
PrestaShop 1.7.7.7
PrestaShop 1.7.7.8
PrestaShop 1.7.7.8 1
PrestaShop 1.7.8.0
PrestaShop 1.7.8.0 beta 1
PrestaShop 1.7.8.0 1
PrestaShop 1.7.8.0 RC 1
PrestaShop 1.7.8.0-beta.1
PrestaShop 1.7.8.0-RC.1
PrestaShop 1.7.8.1
PrestaShop 1.7.8.2
PrestaShop 1.7.8.2 1
PrestaShop 1.7.8.3
PrestaShop 1.7.8.4
PrestaShop 1.7.8.5
PrestaShop 1.7.8.6
PrestaShop 1.7.8.7
PrestaShop 1.7.8.7 1
PrestaShop 1.7.8.8
PrestaShop 1.7.8.9
PrestaShop 1.7.8.10
PrestaShop 1.7.8.11
PrestaShop 8.0.0
PrestaShop 8.0.1
PrestaShop 8.0.2
PrestaShop 8.0.3
PrestaShop 8.0.4
PrestaShop 8.0.5
PrestaShop 8.1.0
PrestaShop 8.1.1
PrestaShop 8.1.2
PrestaShop 8.1.3
PrestaShop 8.1.4
PrestaShop 8.1.5
PrestaShop 8.1.6
PrestaShop 8.1.7
PrestaShop 8.2.0
PrestaShop 8.2.1
PrestaShop 8.2.2
PrestaShop show

Arbitrary File Read via Image Import

Skrevet den 1. oktober 2025 af i Elementor Website Builder

Fixed an arbitrary file read vulnerability in the import() function that could allow unauthorized access to server files (information disclosure).

This vulnerability affects the following application versions:

Elementor Website Builder 3.6.0
Elementor Website Builder 3.6.0-beta1
Elementor Website Builder 3.6.0-beta2
Elementor Website Builder 3.6.0-beta3
Elementor Website Builder 3.6.0-beta4
Elementor Website Builder 3.6.0-beta5
Elementor Website Builder 3.6.0-dev43
Elementor Website Builder 3.6.0-dev44
Elementor Website Builder 3.6.0-dev45
Elementor Website Builder 3.6.1
Elementor Website Builder 3.6.2
Elementor Website Builder 3.6.3
Elementor Website Builder 3.6.4
Elementor Website Builder 3.6.5
Elementor Website Builder 3.6.6
Elementor Website Builder 3.6.7
Elementor Website Builder 3.6.8
Elementor Website Builder 3.7.0
Elementor Website Builder 3.7.0-beta1
Elementor Website Builder 3.7.0-beta2
Elementor Website Builder 3.7.0-beta3
Elementor Website Builder 3.7.0-beta4
Elementor Website Builder 3.7.0-dev1
Elementor Website Builder 3.7.0-dev2
Elementor Website Builder 3.7.0-dev3
Elementor Website Builder 3.7.0-dev4
Elementor Website Builder 3.7.0-dev5
Elementor Website Builder 3.7.0-dev6
Elementor Website Builder 3.7.0-dev7
Elementor Website Builder 3.7.0-dev8
Elementor Website Builder 3.7.0-dev9
Elementor Website Builder 3.7.0-dev10
Elementor Website Builder 3.7.1
Elementor Website Builder 3.7.2
Elementor Website Builder 3.7.3
Elementor Website Builder 3.7.4
Elementor Website Builder 3.7.5
Elementor Website Builder 3.7.6
Elementor Website Builder 3.7.7
Elementor Website Builder 3.7.8
Elementor Website Builder 3.8.0
Elementor Website Builder 3.8.0-beta1
Elementor Website Builder 3.8.0-beta2
Elementor Website Builder 3.8.0-beta3
Elementor Website Builder 3.8.0-beta4
Elementor Website Builder 3.8.0-beta5
Elementor Website Builder 3.8.0-beta6
Elementor Website Builder 3.8.0-dev1
Elementor Website Builder 3.8.0-dev2
Elementor Website Builder 3.8.0-dev3
Elementor Website Builder 3.8.0-dev4
Elementor Website Builder 3.8.1
Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev1
Elementor Website Builder 3.9.0-dev2
Elementor Website Builder 3.9.0-dev3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.25.11
Elementor Website Builder 3.26.0
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-beta4
Elementor Website Builder 3.26.0-beta5
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3
Elementor Website Builder 3.26.0-dev4
Elementor Website Builder 3.26.0-dev5
Elementor Website Builder 3.26.1
Elementor Website Builder 3.26.2
Elementor Website Builder 3.26.3
Elementor Website Builder 3.26.4
Elementor Website Builder 3.26.5
Elementor Website Builder 3.27.0
Elementor Website Builder 3.27.0-beta1
Elementor Website Builder 3.27.0-beta2
Elementor Website Builder 3.27.0-dev1
Elementor Website Builder 3.27.0-dev2
Elementor Website Builder 3.27.1
Elementor Website Builder 3.27.2
Elementor Website Builder 3.27.3
Elementor Website Builder 3.27.4
Elementor Website Builder 3.27.5
Elementor Website Builder 3.27.6
Elementor Website Builder 3.27.7
Elementor Website Builder 3.28.0
Elementor Website Builder 3.28.0-beta1
Elementor Website Builder 3.28.0-beta2
Elementor Website Builder 3.28.0-beta3
Elementor Website Builder 3.28.0-dev1
Elementor Website Builder 3.28.0-dev2
Elementor Website Builder 3.28.0-dev3
Elementor Website Builder 3.28.1
Elementor Website Builder 3.28.2
Elementor Website Builder 3.28.3
Elementor Website Builder 3.28.4
Elementor Website Builder 3.29.0
Elementor Website Builder 3.29.0-beta1
Elementor Website Builder 3.29.0-beta2
Elementor Website Builder 3.29.0-beta3
Elementor Website Builder 3.29.0-beta4
Elementor Website Builder 3.29.0-dev1
Elementor Website Builder 3.29.0-dev2
Elementor Website Builder 3.29.0-dev3
Elementor Website Builder 3.29.0-dev4
Elementor Website Builder 3.29.1
Elementor Website Builder 3.29.2
Elementor Website Builder 3.30.0
Elementor Website Builder 3.30.0-beta1
Elementor Website Builder 3.30.0-beta2
Elementor Website Builder 3.30.0-beta3
Elementor Website Builder 3.30.0-dev1
Elementor Website Builder 3.30.0-dev2
Elementor Website Builder 3.30.0-dev3
Elementor Website Builder 3.30.1
Elementor Website Builder 3.30.2

Stored Cross-Site Scripting in Heading Widget

Skrevet den 30. september 202518. oktober 2025 af i Elementor Website Builder

Elementor did not always sanitize certain user-supplied text/attributes before saving and rendering them. Because of that, a user who can create or edit title in heading widget, which would run later when the page is opened by other users.

This vulnerability affects the following application versions:

Elementor Website Builder 3.28.0
Elementor Website Builder 3.28.0-beta1
Elementor Website Builder 3.28.0-beta2
Elementor Website Builder 3.28.0-beta3
Elementor Website Builder 3.28.0-dev1
Elementor Website Builder 3.28.0-dev2
Elementor Website Builder 3.28.0-dev3
Elementor Website Builder 3.28.1
Elementor Website Builder 3.28.2
Elementor Website Builder 3.28.3
Elementor Website Builder 3.28.4
Elementor Website Builder 3.29.0
Elementor Website Builder 3.29.0-beta1
Elementor Website Builder 3.29.0-beta2
Elementor Website Builder 3.29.0-beta3
Elementor Website Builder 3.29.0-beta4
Elementor Website Builder 3.29.0-dev1
Elementor Website Builder 3.29.0-dev2
Elementor Website Builder 3.29.0-dev3
Elementor Website Builder 3.29.0-dev4

Improper access control in notification block

Skrevet den 30. september 2025 af i Magento

A low‑privileged user can bypass certain security feature controls, possibly accessing or triggering behaviors that should be restricted which allows bypassing “notification block” control due to insufficient authorization or missing permission checks.

This vulnerability affects the following application versions:

Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2

Stored cross-site scripting via shortcode

Skrevet den 30. september 202518. oktober 2025 af i Elementor Website Builder

The elementor element shortcude does not require any validation or authentication to ensure that the data was legitimate or intended for rendering. This allowed any user to craft a shortcode with arbitrary data and inject content into posts or pages. Since the data could contain rendered HTML or widgets, this posed a risk of unauthorized content injection, possible privilege escalation, or stored XSS, depending on how the data was used.

This vulnerability affects the following application versions:

Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.25.11
Elementor Website Builder 3.26.0
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-beta4
Elementor Website Builder 3.26.0-beta5
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3
Elementor Website Builder 3.26.0-dev4
Elementor Website Builder 3.26.0-dev5
Elementor Website Builder 3.26.1
Elementor Website Builder 3.26.2
Elementor Website Builder 3.26.3
Elementor Website Builder 3.26.4
Elementor Website Builder 3.26.5
Elementor Website Builder 3.27.0
Elementor Website Builder 3.27.0-beta1
Elementor Website Builder 3.27.0-beta2
Elementor Website Builder 3.27.0-dev1
Elementor Website Builder 3.27.0-dev2
Elementor Website Builder 3.27.1
Elementor Website Builder 3.27.2
Elementor Website Builder 3.27.3
Elementor Website Builder 3.27.4
Elementor Website Builder 3.27.5
Elementor Website Builder 3.27.6
Elementor Website Builder 3.27.7
Elementor Website Builder 3.28.0
Elementor Website Builder 3.28.0-beta1
Elementor Website Builder 3.28.0-beta2
Elementor Website Builder 3.28.0-beta3
Elementor Website Builder 3.28.0-dev1
Elementor Website Builder 3.28.0-dev2
Elementor Website Builder 3.28.0-dev3
Elementor Website Builder 3.28.1
Elementor Website Builder 3.28.2
Elementor Website Builder 3.28.3
Elementor Website Builder 3.28.4
Elementor Website Builder 3.29.0
Elementor Website Builder 3.29.0-beta1
Elementor Website Builder 3.29.0-beta2
Elementor Website Builder 3.29.0-beta3
Elementor Website Builder 3.29.0-beta4
Elementor Website Builder 3.29.0-dev1
Elementor Website Builder 3.29.0-dev2
Elementor Website Builder 3.29.0-dev3
Elementor Website Builder 3.29.0-dev4

Code injection via rendering of custom js

Skrevet den 29. september 2025 af i Popup Builder by Forward Looking

An attacker was able to inject code via the custom JS into the frontend. This vulnerability is now mitigated by disabling the rendering of the custom JS when the sgpb-disable-custom-js option is enabled.

This vulnerability affects the following application versions:

Popup Builder by Forward Looking 3.74
Popup Builder by Forward Looking 3.75
Popup Builder by Forward Looking 3.76
Popup Builder by Forward Looking 3.77
Popup Builder by Forward Looking 3.78
Popup Builder by Forward Looking 3.79
Popup Builder by Forward Looking 3.81
Popup Builder by Forward Looking 3.82
Popup Builder by Forward Looking 3.83
Popup Builder by Forward Looking 3.84
Popup Builder by Forward Looking 4.0
Popup Builder by Forward Looking 4.0.1
Popup Builder by Forward Looking 4.0.2
Popup Builder by Forward Looking 4.0.3
Popup Builder by Forward Looking 4.0.4
Popup Builder by Forward Looking 4.0.5
Popup Builder by Forward Looking 4.0.6
Popup Builder by Forward Looking 4.0.7
Popup Builder by Forward Looking 4.0.8
Popup Builder by Forward Looking 4.0.9
Popup Builder by Forward Looking 4.1.0
Popup Builder by Forward Looking 4.1.1
Popup Builder by Forward Looking 4.1.2
Popup Builder by Forward Looking 4.1.3
Popup Builder by Forward Looking 4.1.4
Popup Builder by Forward Looking 4.1.5
Popup Builder by Forward Looking 4.1.6
Popup Builder by Forward Looking 4.1.7
Popup Builder by Forward Looking 4.1.8
Popup Builder by Forward Looking 4.1.9
Popup Builder by Forward Looking 4.1.10
Popup Builder by Forward Looking 4.1.11
Popup Builder by Forward Looking 4.1.12
Popup Builder by Forward Looking 4.1.13
Popup Builder by Forward Looking 4.1.14
Popup Builder by Forward Looking 4.1.15
Popup Builder by Forward Looking 4.2.0
Popup Builder by Forward Looking 4.2.2
Popup Builder by Forward Looking 4.2.3
Popup Builder by Forward Looking 4.2.4
Popup Builder by Forward Looking 4.2.5
Popup Builder by Forward Looking 4.2.6
Popup Builder by Forward Looking 4.2.7
Popup Builder by Forward Looking 4.3.0
Popup Builder by Forward Looking 4.3.2

Stored cross-site scripting via image comparison widget

Skrevet den 19. september 202518. oktober 2025 af i ElementsKit Elementor Addons and Templates

Stored Cross-Site Scripting via the plugin image comparison widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

ElementsKit Elementor Addons and Templates 1.2.6
ElementsKit Elementor Addons and Templates 1.2.7
ElementsKit Elementor Addons and Templates 1.2.9
ElementsKit Elementor Addons and Templates 1.3.1
ElementsKit Elementor Addons and Templates 1.3.2
ElementsKit Elementor Addons and Templates 1.3.3
ElementsKit Elementor Addons and Templates 1.3.4
ElementsKit Elementor Addons and Templates 1.3.5
ElementsKit Elementor Addons and Templates 1.3.8
ElementsKit Elementor Addons and Templates 1.3.9
ElementsKit Elementor Addons and Templates 1.4.0
ElementsKit Elementor Addons and Templates 1.4.1
ElementsKit Elementor Addons and Templates 1.4.2
ElementsKit Elementor Addons and Templates 1.4.3
ElementsKit Elementor Addons and Templates 1.4.4
ElementsKit Elementor Addons and Templates 1.4.5
ElementsKit Elementor Addons and Templates 1.4.7
ElementsKit Elementor Addons and Templates 1.4.8
ElementsKit Elementor Addons and Templates 1.4.9
ElementsKit Elementor Addons and Templates 1.5.0
ElementsKit Elementor Addons and Templates 1.5.1
ElementsKit Elementor Addons and Templates 1.5.2
ElementsKit Elementor Addons and Templates 1.5.4
ElementsKit Elementor Addons and Templates 1.5.5
ElementsKit Elementor Addons and Templates 1.5.6
ElementsKit Elementor Addons and Templates 1.5.7
ElementsKit Elementor Addons and Templates 1.5.8
ElementsKit Elementor Addons and Templates 1.5.9
ElementsKit Elementor Addons and Templates 1.5.10
ElementsKit Elementor Addons and Templates 1.5.11
ElementsKit Elementor Addons and Templates 1.5.12
ElementsKit Elementor Addons and Templates 2.0.0
ElementsKit Elementor Addons and Templates 2.0.1
ElementsKit Elementor Addons and Templates 2.0.2
ElementsKit Elementor Addons and Templates 2.0.3
ElementsKit Elementor Addons and Templates 2.0.4
ElementsKit Elementor Addons and Templates 2.0.5
ElementsKit Elementor Addons and Templates 2.0.6
ElementsKit Elementor Addons and Templates 2.0.7
ElementsKit Elementor Addons and Templates 2.0.8
ElementsKit Elementor Addons and Templates 2.0.9
ElementsKit Elementor Addons and Templates 2.0.9.1
ElementsKit Elementor Addons and Templates 2.0.9.2
ElementsKit Elementor Addons and Templates 2.0.9.3
ElementsKit Elementor Addons and Templates 2.0.10
ElementsKit Elementor Addons and Templates 2.0.11
ElementsKit Elementor Addons and Templates 2.0.12
ElementsKit Elementor Addons and Templates 2.0.13
ElementsKit Elementor Addons and Templates 2.1.0
ElementsKit Elementor Addons and Templates 2.1.1
ElementsKit Elementor Addons and Templates 2.1.2
ElementsKit Elementor Addons and Templates 2.1.3
ElementsKit Elementor Addons and Templates 2.1.4
ElementsKit Elementor Addons and Templates 2.1.5
ElementsKit Elementor Addons and Templates 2.1.6
ElementsKit Elementor Addons and Templates 2.1.7
ElementsKit Elementor Addons and Templates 2.2.0
ElementsKit Elementor Addons and Templates 2.2.1
ElementsKit Elementor Addons and Templates 2.2.2
ElementsKit Elementor Addons and Templates 2.2.3
ElementsKit Elementor Addons and Templates 2.2.4
ElementsKit Elementor Addons and Templates 2.3.0
ElementsKit Elementor Addons and Templates 2.3.1
ElementsKit Elementor Addons and Templates 2.3.1.1
ElementsKit Elementor Addons and Templates 2.3.2
ElementsKit Elementor Addons and Templates 2.3.3
ElementsKit Elementor Addons and Templates 2.3.4
ElementsKit Elementor Addons and Templates 2.3.5
ElementsKit Elementor Addons and Templates 2.3.6
ElementsKit Elementor Addons and Templates 2.3.7
ElementsKit Elementor Addons and Templates 2.4.0
ElementsKit Elementor Addons and Templates 2.5.0
ElementsKit Elementor Addons and Templates 2.5.1
ElementsKit Elementor Addons and Templates 2.5.2
ElementsKit Elementor Addons and Templates 2.5.3
ElementsKit Elementor Addons and Templates 2.5.4
ElementsKit Elementor Addons and Templates 2.5.5
ElementsKit Elementor Addons and Templates 2.5.6
ElementsKit Elementor Addons and Templates 2.5.7
ElementsKit Elementor Addons and Templates 2.5.8
ElementsKit Elementor Addons and Templates 2.5.9
ElementsKit Elementor Addons and Templates 2.5.10
ElementsKit Elementor Addons and Templates 2.6.0
ElementsKit Elementor Addons and Templates 2.6.1
ElementsKit Elementor Addons and Templates 2.6.2
ElementsKit Elementor Addons and Templates 2.6.3
ElementsKit Elementor Addons and Templates 2.7.0
ElementsKit Elementor Addons and Templates 2.7.2
ElementsKit Elementor Addons and Templates 2.7.3
ElementsKit Elementor Addons and Templates 2.7.4
ElementsKit Elementor Addons and Templates 2.7.5
ElementsKit Elementor Addons and Templates 2.8.0
ElementsKit Elementor Addons and Templates 2.8.1
ElementsKit Elementor Addons and Templates 2.8.5
ElementsKit Elementor Addons and Templates 2.8.6
ElementsKit Elementor Addons and Templates 2.8.7
ElementsKit Elementor Addons and Templates 2.8.8
ElementsKit Elementor Addons and Templates 2.9.0
ElementsKit Elementor Addons and Templates 2.9.1
ElementsKit Elementor Addons and Templates 2.9.2
ElementsKit Elementor Addons and Templates 3.0.0
ElementsKit Elementor Addons and Templates 3.0.1
ElementsKit Elementor Addons and Templates 3.0.2
ElementsKit Elementor Addons and Templates 3.0.3
ElementsKit Elementor Addons and Templates 3.0.4
ElementsKit Elementor Addons and Templates 3.0.5
ElementsKit Elementor Addons and Templates 3.0.6
ElementsKit Elementor Addons and Templates 3.0.7
ElementsKit Elementor Addons and Templates 3.1.0
ElementsKit Elementor Addons and Templates 3.1.1
ElementsKit Elementor Addons and Templates 3.1.2
ElementsKit Elementor Addons and Templates 3.1.3
ElementsKit Elementor Addons and Templates 3.1.4
ElementsKit Elementor Addons and Templates 3.2.0
ElementsKit Elementor Addons and Templates 3.2.1
ElementsKit Elementor Addons and Templates 3.2.2
ElementsKit Elementor Addons and Templates 3.2.3
ElementsKit Elementor Addons and Templates 3.2.4
ElementsKit Elementor Addons and Templates 3.2.5
ElementsKit Elementor Addons and Templates 3.2.6
ElementsKit Elementor Addons and Templates 3.2.7
ElementsKit Elementor Addons and Templates 3.2.8
ElementsKit Elementor Addons and Templates 3.2.9
ElementsKit Elementor Addons and Templates 3.3.0
ElementsKit Elementor Addons and Templates 3.3.1
ElementsKit Elementor Addons and Templates 3.3.2
ElementsKit Elementor Addons and Templates 3.3.3
ElementsKit Elementor Addons and Templates 3.3.4
ElementsKit Elementor Addons and Templates 3.3.5
ElementsKit Elementor Addons and Templates 3.3.6
ElementsKit Elementor Addons and Templates 3.3.7
ElementsKit Elementor Addons and Templates 3.3.8
ElementsKit Elementor Addons and Templates 3.3.9
ElementsKit Elementor Addons and Templates 3.4.0
ElementsKit Elementor Addons and Templates 3.4.1
ElementsKit Elementor Addons and Templates 3.4.2
ElementsKit Elementor Addons and Templates 3.4.3
ElementsKit Elementor Addons and Templates 3.4.4
ElementsKit Elementor Addons and Templates 3.4.5
ElementsKit Elementor Addons and Templates 3.4.6
ElementsKit Elementor Addons and Templates 3.4.7
ElementsKit Elementor Addons and Templates 3.4.8
ElementsKit Elementor Addons and Templates 3.4.9
ElementsKit Elementor Addons and Templates 3.5.0
ElementsKit Elementor Addons and Templates 3.5.1
ElementsKit Elementor Addons and Templates 3.5.2

Stored Cross-Site Scripting via Pricing Table Widget

Skrevet den 16. september 202518. oktober 2025 af i Essential Addons for Elementor

Plugin is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget due to insufficient input sanitization and output escaping on user supplied attributes.

This vulnerability affects the following application versions:

Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3
Essential Addons for Elementor 6.0.4
Essential Addons for Elementor 6.0.5
Essential Addons for Elementor 6.0.6
Essential Addons for Elementor 6.0.7
Essential Addons for Elementor 6.0.8
Essential Addons for Elementor 6.0.9
Essential Addons for Elementor 6.0.10
Essential Addons for Elementor 6.0.11
Essential Addons for Elementor 6.0.12
Essential Addons for Elementor 6.0.13
Essential Addons for Elementor 6.0.14
Essential Addons for Elementor 6.0.15
Essential Addons for Elementor 6.1.0
Essential Addons for Elementor 6.1.1
Essential Addons for Elementor 6.1.2
Essential Addons for Elementor 6.1.3
Essential Addons for Elementor 6.1.4
Essential Addons for Elementor 6.1.5
Essential Addons for Elementor 6.1.6
Essential Addons for Elementor 6.1.7
Essential Addons for Elementor 6.1.8
Essential Addons for Elementor 6.1.9
Essential Addons for Elementor 6.1.10
Essential Addons for Elementor 6.1.11
Essential Addons for Elementor 6.1.12

DOM-based xss via integration module configuration

Skrevet den 16. september 2025 af i Magento

An admin interface was vulnerable to dom‑based xss, specifically through fields like the integration module’s URL. Malicious JavaScript could be injected by an authenticated admin and executed in another admin’s browser session, often triggered when the victim clicks a crafted link

This vulnerability affects the following application versions:

Magento 0.42.0-beta8
Magento 0.42.0-beta9
Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1

Authenticated (admin+) PHP object injection

Skrevet den 16. september 2025 af i One Click Demo Import

The One Click Demo Import plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

This vulnerability affects the following application versions:

One Click Demo Import 3.0.0
One Click Demo Import 3.0.1
One Click Demo Import 3.0.2
One Click Demo Import 3.1.0
One Click Demo Import 3.1.1
One Click Demo Import 3.1.2
One Click Demo Import 3.2.0

Improper access control on report module

Skrevet den 16. september 2025 af i Magento

An Improper Access Control vulnerability results in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

This vulnerability affects the following application versions:

Magento 0.42.0-beta4
Magento 0.42.0-beta5
Magento 0.42.0-beta6
Magento 0.42.0-beta7
Magento 0.42.0-beta8
Magento 0.42.0-beta9
Magento 0.42.0-beta10
Magento 0.42.0-beta11
Magento 0.74.0-beta1
Magento 0.74.0-beta2
Magento 0.74.0-beta3
Magento 0.74.0-beta4
Magento 0.74.0-beta5
Magento 0.74.0-beta6
Magento 0.74.0-beta7
Magento 0.74.0-beta8
Magento 0.74.0-beta9
Magento 0.74.0-beta10
Magento 0.74.0-beta11
Magento 0.74.0-beta12
Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2

Authenticated stored xss via event calendar widget

Skrevet den 16. september 2025 af i Essential Addons for Elementor

Plugin is vulnerable to stored cross-site scripting via the eael_event_details_text parameter of event calendar widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27
Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3
Essential Addons for Elementor 6.0.4
Essential Addons for Elementor 6.0.5
Essential Addons for Elementor 6.0.6
Essential Addons for Elementor 6.0.7
Essential Addons for Elementor 6.0.8
Essential Addons for Elementor 6.0.9
Essential Addons for Elementor 6.0.10
Essential Addons for Elementor 6.0.11
Essential Addons for Elementor 6.0.12
Essential Addons for Elementor 6.0.13
Essential Addons for Elementor 6.0.14
Essential Addons for Elementor 6.0.15
Essential Addons for Elementor 6.1.0
Essential Addons for Elementor 6.1.1
Essential Addons for Elementor 6.1.2
Essential Addons for Elementor 6.1.3
Essential Addons for Elementor 6.1.4
Essential Addons for Elementor 6.1.5
Essential Addons for Elementor 6.1.6
Essential Addons for Elementor 6.1.7
Essential Addons for Elementor 6.1.8
Essential Addons for Elementor 6.1.9
Essential Addons for Elementor 6.1.10
Essential Addons for Elementor 6.1.11
Essential Addons for Elementor 6.1.12

Mitigate SSRF risk in Elementor ZIP downloads using wp_safe_remote_get

Skrevet den 16. september 202518. oktober 2025 af i Elementor Website Builder

`wp_safe_remote_get` ensures that only allowed hosts are accessed, preventing accidental or malicious requests to disallowed domains.

This vulnerability affects the following application versions:

Elementor Website Builder 3.8.0
Elementor Website Builder 3.8.0-beta1
Elementor Website Builder 3.8.0-beta2
Elementor Website Builder 3.8.0-beta3
Elementor Website Builder 3.8.0-beta4
Elementor Website Builder 3.8.0-beta5
Elementor Website Builder 3.8.0-beta6
Elementor Website Builder 3.8.1
Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev1
Elementor Website Builder 3.9.0-dev2
Elementor Website Builder 3.9.0-dev3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4

Authenticated (contributor+) stored cross-site scripting in events calendar widget

Skrevet den 2. september 2025 af i Essential Addons for Elementor

Insufficient input sanitization and output escaping makes it possible for authenticated attackers with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26

Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget

Skrevet den 2. september 2025 af i Essential Addons for Elementor

Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27
Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3

Stored cross-site scripting via vulnerability dependency

Skrevet den 19. august 202518. oktober 2025 af i SVG Support

Stored XSS vulnerability available due to insufficient SVG sanitization, it may be exploited if the uploaded SVG image is included in line in an HTML page.

This vulnerability affects the following application versions:

SVG Support 2.4
SVG Support 2.4.1
SVG Support 2.4.2
SVG Support 2.5
SVG Support 2.5.1
SVG Support 2.5.2
SVG Support 2.5.3
SVG Support 2.5.4
SVG Support 2.5.5
SVG Support 2.5.6
SVG Support 2.5.7
SVG Support 2.5.8

Authenticated (contributor+) stored cross-site scripting via ‘start_timestamp’ parameter

Skrevet den 19. august 2025 af i WPForms

Stored Cross-Site Scripting available via the start_timestamp parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

WPForms 1.8.7.2
WPForms 1.8.8.2
WPForms 1.8.8.3
WPForms 1.8.9.1
WPForms 1.8.9.2
WPForms 1.8.9.4
WPForms 1.8.9.5
WPForms 1.8.9.6
WPForms 1.9.0.1
WPForms 1.9.0.2
WPForms 1.9.0.3
WPForms 1.9.0.4
WPForms 1.9.1.1
WPForms 1.9.1.2
WPForms 1.9.1.3
WPForms 1.9.1.4
WPForms 1.9.1.5
WPForms 1.9.1.6
WPForms 1.9.2.1
WPForms 1.9.2.2
WPForms 1.9.2.3
WPForms 1.9.3.1
WPForms 1.9.3.2
WPForms 1.9.4.1
WPForms 1.9.4.2
WPForms 1.9.5

Sanitize input in admin report queries to prevent potential SQL injection.

Skrevet den 18. august 20255. marts 2026 af i WooCommerce

Improved the use of filters in get_order_report_data() by applying $wpdb->prepare() for safer handling of parameters like coupon_codes which could lead to potential sql injection.

This vulnerability affects the following application versions:

WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4
WooCommerce 3.5.5
WooCommerce 3.5.6
WooCommerce 3.5.7
WooCommerce 3.5.8
WooCommerce 3.5.9
WooCommerce 3.5.10
WooCommerce 3.6.0
WooCommerce 3.6.0-beta.1
WooCommerce 3.6.0-rc.1
WooCommerce 3.6.0-rc.2
WooCommerce 3.6.0-rc.3
WooCommerce 3.6.1
WooCommerce 3.6.2
WooCommerce 3.6.3
WooCommerce 3.6.4
WooCommerce 3.6.5
WooCommerce 3.6.6
WooCommerce 3.6.7
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7.0-rc.1
WooCommerce 3.7.0-rc.2
WooCommerce 3.7.1
WooCommerce 3.7.2
WooCommerce 3.7.3
WooCommerce 3.8.0
WooCommerce 3.8.0-beta.1
WooCommerce 3.8.0-rc.1
WooCommerce 3.8.0-rc.2
WooCommerce 3.8.1
WooCommerce 3.8.2
WooCommerce 3.8.3
WooCommerce 3.9.0
WooCommerce 3.9.0-beta.1
WooCommerce 3.9.0-beta.2
WooCommerce 3.9.0-rc.1
WooCommerce 3.9.0-rc.2
WooCommerce 3.9.0-rc.3
WooCommerce 3.9.0-rc.4
WooCommerce 3.9.1
WooCommerce 3.9.2
WooCommerce 3.9.3
WooCommerce 3.9.4
WooCommerce 3.9.5
WooCommerce 4.0.0
WooCommerce 4.0.0-beta.1
WooCommerce 4.0.0-rc.1
WooCommerce 4.0.0-rc.2
WooCommerce 4.0.1
WooCommerce 4.0.2
WooCommerce 4.0.3
WooCommerce 4.0.4
WooCommerce 4.1.0
WooCommerce 4.1.0-beta.1
WooCommerce 4.1.0-beta.2
WooCommerce 4.1.0-rc.1
WooCommerce 4.1.0-rc.2
WooCommerce 4.1.0-rc.3
WooCommerce 4.1.1
WooCommerce 4.1.2
WooCommerce 4.1.2.1
WooCommerce 4.1.3
WooCommerce 4.1.4
WooCommerce 4.2.0
WooCommerce 4.2.0-beta.1
WooCommerce 4.2.0-RC.1
WooCommerce 4.2.0-RC.2
WooCommerce 4.2.1
WooCommerce 4.2.2
WooCommerce 4.2.3
WooCommerce 4.2.3.1
WooCommerce 4.2.4
WooCommerce 4.2.5
WooCommerce 4.3.0
WooCommerce 4.3.0-beta.1
WooCommerce 4.3.0-rc.1
WooCommerce 4.3.0-rc.2
WooCommerce 4.3.0-rc.3
WooCommerce 4.3.1
WooCommerce 4.3.2
WooCommerce 4.3.3
WooCommerce 4.3.4
WooCommerce 4.3.4.1
WooCommerce 4.3.5
WooCommerce 4.3.6
WooCommerce 4.4.0
WooCommerce 4.4.0-beta.1
WooCommerce 4.4.0-rc.1
WooCommerce 4.4.1
WooCommerce 4.4.2
WooCommerce 4.4.2.1
WooCommerce 4.4.3
WooCommerce 4.4.4
WooCommerce 4.5.0
WooCommerce 4.5.0-beta.1
WooCommerce 4.5.0-rc.1
WooCommerce 4.5.0-rc.2
WooCommerce 4.5.0-rc.3
WooCommerce 4.5.1
WooCommerce 4.5.2
WooCommerce 4.5.3
WooCommerce 4.5.3.1
WooCommerce 4.5.4
WooCommerce 4.5.5
WooCommerce 4.6.0
WooCommerce 4.6.0-beta.1
WooCommerce 4.6.0-rc.1
WooCommerce 4.6.1
WooCommerce 4.6.2
WooCommerce 4.6.3
WooCommerce 4.6.3.1
WooCommerce 4.6.4
WooCommerce 4.6.5
WooCommerce 4.7.0
WooCommerce 4.7.0-beta.1
WooCommerce 4.7.0-beta.2
WooCommerce 4.7.0-rc.1
WooCommerce 4.7.1
WooCommerce 4.7.1-beta.1
WooCommerce 4.7.2
WooCommerce 4.7.3
WooCommerce 4.7.4
WooCommerce 4.8.0
WooCommerce 4.8.0-beta.1
WooCommerce 4.8.0-rc.1
WooCommerce 4.8.0-rc.2
WooCommerce 4.8.1
WooCommerce 4.8.2
WooCommerce 4.8.3
WooCommerce 4.9.0
WooCommerce 4.9.0-beta.1
WooCommerce 4.9.0-rc.1
WooCommerce 4.9.0-rc.2
WooCommerce 4.9.1
WooCommerce 4.9.2
WooCommerce 4.9.3
WooCommerce 4.9.4
WooCommerce 4.9.5
WooCommerce 5.0.0
WooCommerce 5.0.0-beta.1
WooCommerce 5.0.0-beta.2
WooCommerce 5.0.0-rc.1
WooCommerce 5.0.0-rc.2
WooCommerce 5.0.0-rc.3
WooCommerce 5.0.1
WooCommerce 5.0.2
WooCommerce 5.0.3
WooCommerce 5.1.0
WooCommerce 5.1.0-beta.1
WooCommerce 5.1.0-rc.1
WooCommerce 5.1.1
WooCommerce 5.1.2
WooCommerce 5.1.3
WooCommerce 5.2.0
WooCommerce 5.2.0-beta.1
WooCommerce 5.2.0-rc.1
WooCommerce 5.2.0-rc.2
WooCommerce 5.2.1
WooCommerce 5.2.2
WooCommerce 5.2.3
WooCommerce 5.2.4
WooCommerce 5.2.5
WooCommerce 5.3.0
WooCommerce 5.3.0-beta.1
WooCommerce 5.3.0-rc.1
WooCommerce 5.3.0-rc.2
WooCommerce 5.3.1
WooCommerce 5.3.2
WooCommerce 5.3.3
WooCommerce 5.4.0
WooCommerce 5.4.0-beta.1
WooCommerce 5.4.0-rc.1
WooCommerce 5.4.1
WooCommerce 5.4.2
WooCommerce 5.4.3
WooCommerce 5.4.4
WooCommerce 5.4.5
WooCommerce 5.5.0
WooCommerce 5.5.0-beta.1
WooCommerce 5.5.0-rc.1
WooCommerce 5.5.0-rc.2
WooCommerce 5.5.1
WooCommerce 5.5.2
WooCommerce 5.5.3
WooCommerce 5.5.4
WooCommerce 5.5.5
WooCommerce 5.6.0
WooCommerce 5.6.0-beta.1
WooCommerce 5.6.0-rc.1
WooCommerce 5.6.0-rc.2
WooCommerce 5.6.1
WooCommerce 5.6.2
WooCommerce 5.6.3
WooCommerce 5.7.0
WooCommerce 5.7.0-beta.1
WooCommerce 5.7.0-rc.1
WooCommerce 5.7.0-rc.2
WooCommerce 5.7.1
WooCommerce 5.7.2
WooCommerce 5.7.3
WooCommerce 5.8.0
WooCommerce 5.8.0-beta.1
WooCommerce 5.8.0-beta.2
WooCommerce 5.8.0-rc.1
WooCommerce 5.8.1
WooCommerce 5.8.2
WooCommerce 5.9.0
WooCommerce 5.9.0-beta.1
WooCommerce 5.9.0-rc.1
WooCommerce 5.9.0-RC.1
WooCommerce 5.9.0-rc.2
WooCommerce 5.9.1
WooCommerce 5.9.2
WooCommerce 6.0.0
WooCommerce 6.0.0-beta.1
WooCommerce 6.0.0-rc.1
WooCommerce 6.0.1
WooCommerce 6.0.2
WooCommerce 6.1.0
WooCommerce 6.1.0-beta.1
WooCommerce 6.1.0-rc.1
WooCommerce 6.1.0-rc.2
WooCommerce 6.1.1
WooCommerce 6.1.2
WooCommerce 6.1.3
WooCommerce 6.2.0
WooCommerce 6.2.0-beta.1
WooCommerce 6.2.0-rc.1
WooCommerce 6.2.0-rc.2
WooCommerce 6.2.1
WooCommerce 6.2.2
WooCommerce 6.2.3
WooCommerce 6.3.0
WooCommerce 6.3.0-beta.1
WooCommerce 6.3.0-rc.1
WooCommerce 6.3.0-rc.2
WooCommerce 6.3.1
WooCommerce 6.3.2
WooCommerce 6.4.0
WooCommerce 6.4.0-beta.1
WooCommerce 6.4.0-rc.1
WooCommerce 6.4.1
WooCommerce 6.4.2
WooCommerce 6.5.0
WooCommerce 6.5.0-beta.1
WooCommerce 6.5.0-rc.1
WooCommerce 6.5.0-rc.2
WooCommerce 6.5.1
WooCommerce 6.5.2
WooCommerce 6.6.0
WooCommerce 6.6.0-beta.1
WooCommerce 6.6.0-rc.1
WooCommerce 6.6.0-rc.2
WooCommerce 6.6.1
WooCommerce 6.6.2
WooCommerce 6.7.0
WooCommerce 6.7.0-beta.1
WooCommerce 6.7.0-beta.2
WooCommerce 6.7.0-rc.1
WooCommerce 6.7.1
WooCommerce 6.8.0
WooCommerce 6.8.0-beta.1
WooCommerce 6.8.0-beta.2
WooCommerce 6.8.0-rc.1
WooCommerce 6.8.1
WooCommerce 6.8.2
WooCommerce 6.8.3
WooCommerce 6.9.0
WooCommerce 6.9.0-beta.1
WooCommerce 6.9.0-beta.2
WooCommerce 6.9.0-rc.1
WooCommerce 6.9.1
WooCommerce 6.9.2
WooCommerce 6.9.3
WooCommerce 6.9.4
WooCommerce 6.9.5
WooCommerce 7.0.0
WooCommerce 7.0.0-beta.1
WooCommerce 7.0.0-beta.2
WooCommerce 7.0.0-beta.3
WooCommerce 7.0.0-rc.1
WooCommerce 7.0.0-rc.2
WooCommerce 7.0.1
WooCommerce 7.0.2
WooCommerce 7.1.0
WooCommerce 7.1.0-beta.1
WooCommerce 7.1.0-beta.2
WooCommerce 7.1.0-rc.1
WooCommerce 7.1.0-rc.2
WooCommerce 7.1.1
WooCommerce 7.1.2
WooCommerce 7.2.0
WooCommerce 7.2.0-beta.1
WooCommerce 7.2.0-beta.2
WooCommerce 7.2.0-rc.1
WooCommerce 7.2.0-rc.2
WooCommerce 7.2.1
WooCommerce 7.2.2
WooCommerce 7.2.3
WooCommerce 7.2.4
WooCommerce 7.3.0
WooCommerce 7.3.0-beta.1
WooCommerce 7.3.0-beta.2
WooCommerce 7.3.0-rc.1
WooCommerce 7.3.0-rc.2
WooCommerce 7.3.1
WooCommerce 7.4.0
WooCommerce 7.4.0-beta.1
WooCommerce 7.4.0-beta.2
WooCommerce 7.4.0-rc.1
WooCommerce 7.4.0-rc.2
WooCommerce 7.4.1
WooCommerce 7.4.2
WooCommerce 7.5.0
WooCommerce 7.5.0-beta.1
WooCommerce 7.5.0-beta.2
WooCommerce 7.5.0-rc.1
WooCommerce 7.5.1
WooCommerce 7.5.2
WooCommerce 7.6.0
WooCommerce 7.6.0-beta.1
WooCommerce 7.6.0-beta.2
WooCommerce 7.6.0-rc.1
WooCommerce 7.6.0-rc.2
WooCommerce 7.6.0-rc.3
WooCommerce 7.6.1
WooCommerce 7.6.2
WooCommerce 7.7.0
WooCommerce 7.7.0-beta.1
WooCommerce 7.7.0-beta.2
WooCommerce 7.7.0-rc.1
WooCommerce 7.7.1
WooCommerce 7.7.2
WooCommerce 7.7.3
WooCommerce 7.8.0
WooCommerce 7.8.0-beta.1
WooCommerce 7.8.0-beta.2
WooCommerce 7.8.0-rc.1
WooCommerce 7.8.0-rc.2
WooCommerce 7.8.1
WooCommerce 7.8.2
WooCommerce 7.8.3
WooCommerce 7.8.4
WooCommerce 7.9.0
WooCommerce 7.9.0-beta.1
WooCommerce 7.9.0-beta.2
WooCommerce 7.9.0-rc.2
WooCommerce 7.9.0-rc.3
WooCommerce 7.9.1
WooCommerce 7.9.2
WooCommerce 8.0.0
WooCommerce 8.0.0-beta.1
WooCommerce 8.0.0-beta.2
WooCommerce 8.0.0-rc.1
WooCommerce 8.0.0-rc.2
WooCommerce 8.0.1
WooCommerce 8.0.2
WooCommerce 8.0.3
WooCommerce 8.0.4
WooCommerce 8.0.5
WooCommerce 8.1.0
WooCommerce 8.1.0-a.3
WooCommerce 8.1.0-a.4
WooCommerce 8.1.0-a.5
WooCommerce 8.1.0-beta.1
WooCommerce 8.1.0-rc.1
WooCommerce 8.1.0-rc.2
WooCommerce 8.1.1
WooCommerce 8.1.2
WooCommerce 8.1.3
WooCommerce 8.1.4
WooCommerce 8.2.0
WooCommerce 8.2.0-a.1
WooCommerce 8.2.0-beta.1
WooCommerce 8.2.0-rc.1
WooCommerce 8.2.0-rc.2
WooCommerce 8.2.1
WooCommerce 8.2.2
WooCommerce 8.2.3
WooCommerce 8.2.4
WooCommerce 8.2.5
WooCommerce 8.3.0
WooCommerce 8.3.0-beta.1
WooCommerce 8.3.0-rc.1
WooCommerce 8.3.0-rc.2
WooCommerce 8.3.1
WooCommerce 8.3.2
WooCommerce 8.3.3
WooCommerce 8.3.4
WooCommerce 8.4.0
WooCommerce 8.4.0-beta.1
WooCommerce 8.4.0-rc.1
WooCommerce 8.4.1
WooCommerce 8.4.2
WooCommerce 8.4.3
WooCommerce 8.5.0
WooCommerce 8.5.0-beta.1
WooCommerce 8.5.0-rc.1
WooCommerce 8.5.1
WooCommerce 8.5.2
WooCommerce 8.5.3
WooCommerce 8.5.4
WooCommerce 8.5.5
WooCommerce 8.6.0
WooCommerce 8.6.0-beta.1
WooCommerce 8.6.0-rc.1
WooCommerce 8.6.1
WooCommerce 8.6.2
WooCommerce 8.6.3
WooCommerce 8.6.4
WooCommerce 8.7.0
WooCommerce 8.7.0-beta.1
WooCommerce 8.7.0-beta.2
WooCommerce 8.7.0-rc.1
WooCommerce 8.7.1
WooCommerce 8.7.2
WooCommerce 8.7.3
WooCommerce 8.8.0
WooCommerce 8.8.0-beta.1
WooCommerce 8.8.0-rc.1
WooCommerce 8.8.1
WooCommerce 8.8.2
WooCommerce 8.8.3
WooCommerce 8.8.4
WooCommerce 8.8.5
WooCommerce 8.8.6
WooCommerce 8.8.7
WooCommerce 8.9.0
WooCommerce 8.9.0-beta.1
WooCommerce 8.9.0-rc.1
WooCommerce 8.9.1
WooCommerce 8.9.2
WooCommerce 8.9.3
WooCommerce 8.9.4
WooCommerce 8.9.5
WooCommerce 9.0.0
WooCommerce 9.0.0-beta.1
WooCommerce 9.0.0-beta.2
WooCommerce 9.0.0-rc.1
WooCommerce 9.0.1
WooCommerce 9.0.2
WooCommerce 9.0.3
WooCommerce 9.0.4
WooCommerce 9.1.0
WooCommerce 9.1.0-beta.1
WooCommerce 9.1.0-rc.1
WooCommerce 9.1.1
WooCommerce 9.1.2
WooCommerce 9.1.3
WooCommerce 9.1.4
WooCommerce 9.1.5
WooCommerce 9.1.6
WooCommerce 9.2.0
WooCommerce 9.2.0-beta.1
WooCommerce 9.2.0-rc.1
WooCommerce 9.2.1
WooCommerce 9.2.2
WooCommerce 9.2.3
WooCommerce 9.2.4
WooCommerce 9.2.5
WooCommerce 9.3.0
WooCommerce 9.3.0-beta.1
WooCommerce 9.3.0-rc.1
WooCommerce 9.3.1
WooCommerce 9.3.2
WooCommerce 9.3.3
WooCommerce 9.3.4
WooCommerce 9.3.5
WooCommerce 9.3.6
WooCommerce 9.4.0
WooCommerce 9.4.0-beta.1
WooCommerce 9.4.0-beta.2
WooCommerce 9.4.0-rc.1
WooCommerce 9.4.0-rc.2
WooCommerce 9.4.0-rc.3
WooCommerce 9.4.0-rc.4
WooCommerce 9.4.1
WooCommerce 9.4.2
WooCommerce 9.4.3
WooCommerce 9.4.4
WooCommerce 9.4.5
WooCommerce 9.5.0
WooCommerce 9.5.0-beta.1
WooCommerce 9.5.0-beta.2
WooCommerce 9.5.0-rc.1
WooCommerce 9.5.1
WooCommerce 9.5.2
WooCommerce 9.5.3
WooCommerce 9.5.4
WooCommerce 9.6.0
WooCommerce 9.6.0-beta.1
WooCommerce 9.6.0-beta.2
WooCommerce 9.6.0-rc.1
WooCommerce 9.6.1
WooCommerce 9.6.2
WooCommerce 9.6.3
WooCommerce 9.6.4
WooCommerce 9.7.0
WooCommerce 9.7.0-beta.1
WooCommerce 9.7.0-rc.1
WooCommerce 9.7.1
WooCommerce 9.7.2
WooCommerce 9.7.3
WooCommerce 9.8.0
WooCommerce 9.8.0-beta.1
WooCommerce 9.8.0-rc.1
WooCommerce 9.8.1
WooCommerce 9.8.2
WooCommerce 9.8.3
WooCommerce 9.8.4
WooCommerce 9.8.5
WooCommerce 9.8.6
WooCommerce 9.8.7
WooCommerce 9.9.0
WooCommerce 9.9.0-beta.1
WooCommerce 9.9.0-rc.1
WooCommerce 9.9.1
WooCommerce 9.9.2
WooCommerce 9.9.3
WooCommerce list
WooCommerce nightly

Input Sanitization for replytocom Parameter

Skrevet den 18. august 202518. oktober 2025 af i All in One SEO Pack

This patch resolves by properly sanitizing the replytocom URL parameter, which was previously vulnerable to reflected XSS attacks. The updated code ensures that user-supplied input is safely handled, preventing malicious script injection and improving front-end security.

This vulnerability affects the following application versions:

All in One SEO Pack 4.3.7.1
All in One SEO Pack 4.7.3
All in One SEO Pack 4.7.4.1
All in One SEO Pack 4.7.4.2
All in One SEO Pack 4.7.5
All in One SEO Pack 4.7.5.1
All in One SEO Pack 4.7.6
All in One SEO Pack 4.7.7
All in One SEO Pack 4.7.7.1
All in One SEO Pack 4.7.7.2
All in One SEO Pack 4.7.8
All in One SEO Pack 4.7.9
All in One SEO Pack 4.7.9.1
All in One SEO Pack 4.8.0
All in One SEO Pack 4.8.1
All in One SEO Pack 4.8.1.1

XSS via the plugin’s widgets

Skrevet den 18. august 202518. oktober 2025 af i Essential Addons for Elementor

Plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Fancy Text’, ‘Filter Gallery’, ‘Sticky Video’, ‘Content Ticker’, ‘Woo Product Gallery’, & ‘Twitter Feed’ widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19

Authenticated (author+) stored cross-site scripting via svg file upload

Skrevet den 14. august 2025 af i SVG Support

Stored cross-site scripting vulnerability available via svg file uploads due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the svg file. By default, this can only be exploited by administrators, but the ability to upload svg files can be extended to authors.

This vulnerability affects the following application versions:

SVG Support 2.5.2
SVG Support 2.5.3
SVG Support 2.5.4
SVG Support 2.5.5
SVG Support 2.5.6
SVG Support 2.5.7
SVG Support 2.5.8
SVG Support 2.5.9
SVG Support 2.5.10

Improper cleanup of export files leading to information disclosure

Skrevet den 30. juli 2025 af i Popup Builder by Forward Looking

Exported files were not properly deleted, making them accessible through direct URLs. This exposed sensitive data to unauthorized users.

This vulnerability affects the following application versions:

Popup Builder by Forward Looking 3.3
Popup Builder by Forward Looking 3.4
Popup Builder by Forward Looking 3.7
Popup Builder by Forward Looking 3.7.1
Popup Builder by Forward Looking 3.41
Popup Builder by Forward Looking 3.42
Popup Builder by Forward Looking 3.43
Popup Builder by Forward Looking 3.44
Popup Builder by Forward Looking 3.45
Popup Builder by Forward Looking 3.46
Popup Builder by Forward Looking 3.47
Popup Builder by Forward Looking 3.48
Popup Builder by Forward Looking 3.49
Popup Builder by Forward Looking 3.50
Popup Builder by Forward Looking 3.51
Popup Builder by Forward Looking 3.52
Popup Builder by Forward Looking 3.53
Popup Builder by Forward Looking 3.54
Popup Builder by Forward Looking 3.55
Popup Builder by Forward Looking 3.56
Popup Builder by Forward Looking 3.57
Popup Builder by Forward Looking 3.58
Popup Builder by Forward Looking 3.59
Popup Builder by Forward Looking 3.60
Popup Builder by Forward Looking 3.61
Popup Builder by Forward Looking 3.61.1
Popup Builder by Forward Looking 3.62
Popup Builder by Forward Looking 3.62.1
Popup Builder by Forward Looking 3.63
Popup Builder by Forward Looking 3.64
Popup Builder by Forward Looking 3.64.1
Popup Builder by Forward Looking 3.65
Popup Builder by Forward Looking 3.65.1
Popup Builder by Forward Looking 3.65.2
Popup Builder by Forward Looking 3.66
Popup Builder by Forward Looking 3.67
Popup Builder by Forward Looking 3.68.1
Popup Builder by Forward Looking 3.68.2
Popup Builder by Forward Looking 3.68.3
Popup Builder by Forward Looking 3.68.4
Popup Builder by Forward Looking 3.68.5
Popup Builder by Forward Looking 3.68.5.1
Popup Builder by Forward Looking 3.68.5.2
Popup Builder by Forward Looking 3.69
Popup Builder by Forward Looking 3.69.1
Popup Builder by Forward Looking 3.69.2
Popup Builder by Forward Looking 3.69.3
Popup Builder by Forward Looking 3.69.4
Popup Builder by Forward Looking 3.69.5
Popup Builder by Forward Looking 3.69.6
Popup Builder by Forward Looking 3.71
Popup Builder by Forward Looking 3.72
Popup Builder by Forward Looking 3.73
Popup Builder by Forward Looking 3.74
Popup Builder by Forward Looking 3.75
Popup Builder by Forward Looking 3.76
Popup Builder by Forward Looking 3.77
Popup Builder by Forward Looking 3.78
Popup Builder by Forward Looking 3.79
Popup Builder by Forward Looking 3.81
Popup Builder by Forward Looking 3.82
Popup Builder by Forward Looking 3.83
Popup Builder by Forward Looking 3.84
Popup Builder by Forward Looking 4.0
Popup Builder by Forward Looking 4.0.1
Popup Builder by Forward Looking 4.0.2
Popup Builder by Forward Looking 4.0.3
Popup Builder by Forward Looking 4.0.4
Popup Builder by Forward Looking 4.0.5
Popup Builder by Forward Looking 4.0.6
Popup Builder by Forward Looking 4.0.7
Popup Builder by Forward Looking 4.0.8
Popup Builder by Forward Looking 4.0.9
Popup Builder by Forward Looking 4.1.0
Popup Builder by Forward Looking 4.1.1
Popup Builder by Forward Looking 4.1.2
Popup Builder by Forward Looking 4.1.3
Popup Builder by Forward Looking 4.1.4
Popup Builder by Forward Looking 4.1.5
Popup Builder by Forward Looking 4.1.6
Popup Builder by Forward Looking 4.1.7
Popup Builder by Forward Looking 4.1.8
Popup Builder by Forward Looking 4.1.9
Popup Builder by Forward Looking 4.1.10
Popup Builder by Forward Looking 4.1.11
Popup Builder by Forward Looking 4.1.12
Popup Builder by Forward Looking 4.1.13
Popup Builder by Forward Looking 4.1.14
Popup Builder by Forward Looking 4.1.15
Popup Builder by Forward Looking 4.2.0
Popup Builder by Forward Looking 4.2.2
Popup Builder by Forward Looking 4.2.3
Popup Builder by Forward Looking 4.2.4
Popup Builder by Forward Looking 4.2.5
Popup Builder by Forward Looking 4.2.6
Popup Builder by Forward Looking 4.2.7
Popup Builder by Forward Looking 4.3.0
Popup Builder by Forward Looking 4.3.2
Popup Builder by Forward Looking 4.3.3

Authenticated (admin+) directory traversal

Skrevet den 30. juli 2025 af i Smush

Vulnerability to directory traversal is available which makes it possible for authenticated attackers, with administrator-level access and above, to perform actions on files outside of the originally intended directory.

This vulnerability affects the following application versions:

Smush 3.8.3
Smush 3.8.4
Smush 3.8.5
Smush 3.8.7
Smush 3.8.8
Smush 3.9.0
Smush 3.9.1
Smush 3.9.2
Smush 3.9.4
Smush 3.9.5
Smush 3.9.8
Smush 3.9.9
Smush 3.9.11
Smush 3.10.1
Smush 3.10.2
Smush 3.10.3
Smush 3.11.1
Smush 3.12.3
Smush 3.12.4
Smush 3.12.5
Smush 3.12.6
Smush 3.13.0
Smush 3.13.1
Smush 3.13.2
Smush 3.14.0
Smush 3.14.1
Smush 3.14.2
Smush 3.15.0
Smush 3.15.1
Smush 3.15.2
Smush 3.15.3
Smush 3.15.4
Smush 3.15.5
Smush 3.16.2
Smush 3.16.4
Smush 3.16.5
Smush 3.16.6
Smush 3.17.0

Missing authorization to unauthenticated user and term metadata insert, update, and delete

Skrevet den 30. juli 202518. oktober 2025 af i Rank Math SEO

Missing authorization vulnerable available to unauthorized modification and loss of data due to a missing capability check on the ‘update_metadata’ function that makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with ‘rank_math’, and delete arbitrary existing user metadata

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218
Rank Math SEO 1.0.219
Rank Math SEO 1.0.220
Rank Math SEO 1.0.221
Rank Math SEO 1.0.222
Rank Math SEO 1.0.223
Rank Math SEO 1.0.224
Rank Math SEO 1.0.225
Rank Math SEO 1.0.226
Rank Math SEO 1.0.227
Rank Math SEO 1.0.227.1
Rank Math SEO 1.0.228

XSS in admin panels builder

Skrevet den 30. juli 202518. oktober 2025 af i WPForms

The wrap and slug values were directly inserted into HTML attributes without escaping. If these values were modified or influenced by untrusted input (directly or indirectly), this could lead to Cross-Site Scripting (XSS) vulnerability.

This vulnerability affects the following application versions:

WPForms 1.5.8.2
WPForms 1.5.9.1
WPForms 1.5.9.4
WPForms 1.5.9.5
WPForms 1.6.0.1
WPForms 1.6.0.2
WPForms 1.6.1
WPForms 1.6.2.2
WPForms 1.6.2.3
WPForms 1.6.3.1
WPForms 1.6.4
WPForms 1.6.4.1
WPForms 1.6.5
WPForms 1.6.6
WPForms 1.6.7
WPForms 1.6.7.1
WPForms 1.6.7.2
WPForms 1.6.7.3
WPForms 1.6.8
WPForms 1.6.8.1
WPForms 1.6.9
WPForms 1.7.0
WPForms 1.7.1.1
WPForms 1.7.1.2
WPForms 1.7.2
WPForms 1.7.2.1
WPForms 1.7.3
WPForms 1.7.4
WPForms 1.7.4.1
WPForms 1.7.4.2
WPForms 1.7.5.1
WPForms 1.7.5.2
WPForms 1.7.5.3
WPForms 1.7.5.5
WPForms 1.7.6
WPForms 1.7.7
WPForms 1.7.7.1
WPForms 1.7.7.2
WPForms 1.7.8
WPForms 1.7.9
WPForms 1.7.9.1
WPForms 1.8.0.1
WPForms 1.8.0.2
WPForms 1.8.1.1
WPForms 1.8.1.2
WPForms 1.8.1.3
WPForms 1.8.2.1
WPForms 1.8.2.2
WPForms 1.8.2.3
WPForms 1.8.3
WPForms 1.8.3.1
WPForms 1.8.4
WPForms 1.8.4.1
WPForms 1.8.5.2
WPForms 1.8.5.3
WPForms 1.8.5.4
WPForms 1.8.6.2
WPForms 1.8.6.3
WPForms 1.8.6.4
WPForms 1.8.7.2
WPForms 1.8.8.2
WPForms 1.8.8.3
WPForms 1.8.9.1
WPForms 1.8.9.2
WPForms 1.8.9.4
WPForms 1.8.9.5
WPForms 1.8.9.6
WPForms 1.9.0.1
WPForms 1.9.0.2
WPForms 1.9.0.3
WPForms 1.9.0.4

Improper Access Control in Search and Term view

Skrevet den 22. juli 2025 af i Magento

Improper Access Control in Search and Term view.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2

Stored cross-site scripting in email template filter

Skrevet den 22. juli 202518. oktober 2025 af i Magento

Stored cross-site scripting vulnerability available that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.4-p12
Magento 2.4.4-p13
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.5-p11
Magento 2.4.5-p12
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.6-p8
Magento 2.4.6-p9
Magento 2.4.6-p10
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2
Magento 2.4.7-p3
Magento 2.4.7-p4
Magento 2.4.7-p5
Magento 2.4.8
Magento 2.4.8-beta1
Magento 2.4.8-beta2

Full Path Disclosure

Skrevet den 21. juli 2025 af i Duplicator

Unsafe filtering makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work.

This vulnerability affects the following application versions:

Duplicator 1.3.0
Duplicator 1.3.2
Duplicator 1.3.4
Duplicator 1.3.6
Duplicator 1.3.8
Duplicator 1.3.10
Duplicator 1.3.12
Duplicator 1.3.14
Duplicator 1.3.16
Duplicator 1.3.18
Duplicator 1.3.20
Duplicator 1.3.22
Duplicator 1.3.24
Duplicator 1.3.26
Duplicator 1.3.28
Duplicator 1.3.30
Duplicator 1.3.32
Duplicator 1.3.34
Duplicator 1.3.36
Duplicator 1.3.38
Duplicator 1.3.40
Duplicator 1.3.40.1
Duplicator 1.4.0
Duplicator 1.4.1
Duplicator 1.4.2
Duplicator 1.4.3
Duplicator 1.4.4
Duplicator 1.4.5
Duplicator 1.4.6
Duplicator 1.4.7
Duplicator 1.4.7.1
Duplicator 1.4.7.2
Duplicator 1.5.0
Duplicator 1.5.1
Duplicator 1.5.2
Duplicator 1.5.2.1
Duplicator 1.5.3
Duplicator 1.5.3.1
Duplicator 1.5.4
Duplicator 1.5.5
Duplicator 1.5.5.1
Duplicator 1.5.6
Duplicator 1.5.6.1
Duplicator 1.5.7
Duplicator 1.5.7.1
Duplicator 1.5.8
Duplicator 1.5.8.1
Duplicator 1.5.9

XSS in Posts

Skrevet den 21. juli 202518. oktober 2025 af i All in One SEO Pack

Due to insufficient input sanitization and output escaping, makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

All in One SEO Pack 4.0.6
All in One SEO Pack 4.0.7
All in One SEO Pack 4.0.8
All in One SEO Pack 4.0.9
All in One SEO Pack 4.0.10
All in One SEO Pack 4.0.12
All in One SEO Pack 4.0.15
All in One SEO Pack 4.0.16
All in One SEO Pack 4.0.17
All in One SEO Pack 4.0.18
All in One SEO Pack 4.1.0.1
All in One SEO Pack 4.1.0.2
All in One SEO Pack 4.1.0.3
All in One SEO Pack 4.1.1
All in One SEO Pack 4.1.1.1
All in One SEO Pack 4.1.1.2
All in One SEO Pack 4.1.2.1
All in One SEO Pack 4.1.2.2
All in One SEO Pack 4.1.2.3
All in One SEO Pack 4.1.3.1
All in One SEO Pack 4.1.3.3
All in One SEO Pack 4.1.3.4
All in One SEO Pack 4.1.4.1
All in One SEO Pack 4.1.4.2
All in One SEO Pack 4.1.4.3
All in One SEO Pack 4.1.4.4
All in One SEO Pack 4.1.4.5
All in One SEO Pack 4.1.5.1
All in One SEO Pack 4.1.5.2
All in One SEO Pack 4.1.5.3
All in One SEO Pack 4.1.6.2
All in One SEO Pack 4.1.7
All in One SEO Pack 4.1.8
All in One SEO Pack 4.1.9.1
All in One SEO Pack 4.1.9.3
All in One SEO Pack 4.1.9.4
All in One SEO Pack 4.1.10
All in One SEO Pack 4.2.0
All in One SEO Pack 4.2.1.1
All in One SEO Pack 4.2.2
All in One SEO Pack 4.2.3.1
All in One SEO Pack 4.2.4
All in One SEO Pack 4.2.5.1
All in One SEO Pack 4.2.6
All in One SEO Pack 4.2.6.1
All in One SEO Pack 4.2.7.1
All in One SEO Pack 4.2.8
All in One SEO Pack 4.2.9
All in One SEO Pack 4.3.0
All in One SEO Pack 4.3.1
All in One SEO Pack 4.3.1.1
All in One SEO Pack 4.3.2
All in One SEO Pack 4.3.3
All in One SEO Pack 4.3.4.1
All in One SEO Pack 4.3.5
All in One SEO Pack 4.3.6.1
All in One SEO Pack 4.3.7
All in One SEO Pack 4.3.8
All in One SEO Pack 4.3.9
All in One SEO Pack 4.4.0.1
All in One SEO Pack 4.4.1
All in One SEO Pack 4.4.2
All in One SEO Pack 4.4.3
All in One SEO Pack 4.4.4
All in One SEO Pack 4.4.5.1
All in One SEO Pack 4.4.6
All in One SEO Pack 4.4.7
All in One SEO Pack 4.4.7.1
All in One SEO Pack 4.4.8
All in One SEO Pack 4.4.9.1
All in One SEO Pack 4.4.9.2
All in One SEO Pack 4.5.0
All in One SEO Pack 4.5.1.1
All in One SEO Pack 4.5.2.1
All in One SEO Pack 4.5.3.1
All in One SEO Pack 4.5.4
All in One SEO Pack 4.5.5
All in One SEO Pack 4.5.6
All in One SEO Pack 4.5.7.1
All in One SEO Pack 4.5.7.2
All in One SEO Pack 4.5.7.3
All in One SEO Pack 4.5.8
All in One SEO Pack 4.5.9.1
All in One SEO Pack 4.5.9.2
All in One SEO Pack 4.6.0

XSS via the table names

Skrevet den 10. juli 202518. oktober 2025 af i Better Search Replace

The Better Search Replace plugin did not properly escape table names before rendering them in the HTML output of the search/replace report. This allowed an attacker to inject malicious JavaScript code via crafted table names, leading to a stored Cross-Site Scripting (XSS) vulnerability. Exploitation requires a user with access to manipulate database content or plugin inputs, and successful execution could result in the compromise of admin sessions or unauthorized actions within the WordPress dashboard.

This vulnerability affects the following application versions:

Better Search Replace 1.3.4
Better Search Replace 1.4
Better Search Replace 1.4.1
Better Search Replace 1.4.2
Better Search Replace 1.4.3
Better Search Replace 1.4.4
Better Search Replace 1.4.5

Authenticated (administrator+) PHP object injection

Skrevet den 10. juli 2025 af i Rank Math SEO

PHP object injection available via deserialization of untrusted input ‘set_redirections’ function. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP object.

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218
Rank Math SEO 1.0.219
Rank Math SEO 1.0.220
Rank Math SEO 1.0.221
Rank Math SEO 1.0.222
Rank Math SEO 1.0.223
Rank Math SEO 1.0.224
Rank Math SEO 1.0.225
Rank Math SEO 1.0.226
Rank Math SEO 1.0.227
Rank Math SEO 1.0.227.1
Rank Math SEO 1.0.228

Authenticated (editor+) server-side request forgery in different sections

Skrevet den 9. juli 2025 af i LiteSpeed Cache

Server-side request forgery available in many modules. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

This vulnerability affects the following application versions:

LiteSpeed Cache 3.6.4
LiteSpeed Cache 4.0
LiteSpeed Cache 4.1
LiteSpeed Cache 4.2
LiteSpeed Cache 4.3
LiteSpeed Cache 4.4
LiteSpeed Cache 4.4.1
LiteSpeed Cache 4.4.2
LiteSpeed Cache 4.4.3
LiteSpeed Cache 4.4.4
LiteSpeed Cache 4.4.5
LiteSpeed Cache 4.4.6
LiteSpeed Cache 4.4.7
LiteSpeed Cache 4.5
LiteSpeed Cache 4.5.0.1
LiteSpeed Cache 4.6
LiteSpeed Cache 5.0
LiteSpeed Cache 5.0.0.1
LiteSpeed Cache 5.0.1
LiteSpeed Cache 5.1
LiteSpeed Cache 5.2
LiteSpeed Cache 5.2.1
LiteSpeed Cache 5.3
LiteSpeed Cache 5.3.1
LiteSpeed Cache 5.3.2
LiteSpeed Cache 5.3.3
LiteSpeed Cache 5.4
LiteSpeed Cache 5.5
LiteSpeed Cache 5.5.1
LiteSpeed Cache 5.6
LiteSpeed Cache 5.7
LiteSpeed Cache 5.7.0.1
LiteSpeed Cache 6.0
LiteSpeed Cache 6.0.0.1
LiteSpeed Cache 6.1
LiteSpeed Cache 6.2
LiteSpeed Cache 6.2.0.1
LiteSpeed Cache 6.3
LiteSpeed Cache 6.3.0.1
LiteSpeed Cache 6.4
LiteSpeed Cache 6.4.1
LiteSpeed Cache 6.5
LiteSpeed Cache 6.5.0.1
LiteSpeed Cache 6.5.0.2
LiteSpeed Cache 6.5.1
LiteSpeed Cache 6.5.2
LiteSpeed Cache 6.5.3
LiteSpeed Cache 6.5.4
LiteSpeed Cache 7.0
LiteSpeed Cache 7.0.0.1
LiteSpeed Cache 7.0.1

CSRF and access control vulnerability in notice dismissal handler

Skrevet den 9. juli 20255. august 2025 af i Spectra – WordPress Gutenberg Blocks

Cross-site request forgery possible because the code did not validate the wordpress security nonce before processing dismissal requests. This could allow any external site or attacker to craft a POST request that could be executed in the context of an authenticated wordpress user.

This vulnerability affects the following application versions:

Ultimate Addons for Elementor 1.6.34
Ultimate Addons for Elementor 1.6.35
Ultimate Addons for Elementor 1.6.36
Ultimate Addons for Elementor 1.6.37
Ultimate Addons for Elementor 2.0.0
Ultimate Addons for Elementor 2.0.1
Ultimate Addons for Elementor 2.0.2
Ultimate Addons for Elementor 2.0.3
Ultimate Addons for Elementor 2.0.4
Ultimate Addons for Elementor 2.0.5
Ultimate Addons for Elementor 2.0.6
Ultimate Addons for Elementor 2.1.0
Spectra – WordPress Gutenberg Blocks 1.24.0
Spectra – WordPress Gutenberg Blocks 1.24.1
Spectra – WordPress Gutenberg Blocks 1.24.2
Spectra – WordPress Gutenberg Blocks 1.25.0
Spectra – WordPress Gutenberg Blocks 1.25.1
Spectra – WordPress Gutenberg Blocks 1.25.2
Spectra – WordPress Gutenberg Blocks 1.25.3
Spectra – WordPress Gutenberg Blocks 1.25.4
Spectra – WordPress Gutenberg Blocks 1.25.5
Spectra – WordPress Gutenberg Blocks 1.25.6
Spectra – WordPress Gutenberg Blocks 2.0.0
Spectra – WordPress Gutenberg Blocks 2.0.1
Spectra – WordPress Gutenberg Blocks 2.0.2
Spectra – WordPress Gutenberg Blocks 2.0.3
Spectra – WordPress Gutenberg Blocks 2.0.4
Spectra – WordPress Gutenberg Blocks 2.0.5
Spectra – WordPress Gutenberg Blocks 2.0.6
Spectra – WordPress Gutenberg Blocks 2.0.7
Spectra – WordPress Gutenberg Blocks 2.0.8
Spectra – WordPress Gutenberg Blocks 2.0.9
Spectra – WordPress Gutenberg Blocks 2.0.10
Spectra – WordPress Gutenberg Blocks 2.0.11
Spectra – WordPress Gutenberg Blocks 2.0.12
Spectra – WordPress Gutenberg Blocks 2.0.13
Spectra – WordPress Gutenberg Blocks 2.0.14
Spectra – WordPress Gutenberg Blocks 2.0.15
Spectra – WordPress Gutenberg Blocks 2.0.16
Spectra – WordPress Gutenberg Blocks 2.1.0
Spectra – WordPress Gutenberg Blocks 2.1.1
Spectra – WordPress Gutenberg Blocks 2.2.0
Spectra – WordPress Gutenberg Blocks 2.3.0
Spectra – WordPress Gutenberg Blocks 2.3.1
Spectra – WordPress Gutenberg Blocks 2.3.2
Spectra – WordPress Gutenberg Blocks 2.3.3
Spectra – WordPress Gutenberg Blocks 2.3.4
Spectra – WordPress Gutenberg Blocks 2.3.5
Spectra – WordPress Gutenberg Blocks 2.4.0
Spectra – WordPress Gutenberg Blocks 2.4.1
Spectra – WordPress Gutenberg Blocks 2.4.2
Spectra – WordPress Gutenberg Blocks 2.5.0
Spectra – WordPress Gutenberg Blocks 2.5.1
Spectra – WordPress Gutenberg Blocks 2.6.0
Spectra – WordPress Gutenberg Blocks 2.6.1
Spectra – WordPress Gutenberg Blocks 2.6.2
Spectra – WordPress Gutenberg Blocks 2.6.3
Spectra – WordPress Gutenberg Blocks 2.6.4
Spectra – WordPress Gutenberg Blocks 2.6.5
Spectra – WordPress Gutenberg Blocks 2.6.6
Spectra – WordPress Gutenberg Blocks 2.6.7
Spectra – WordPress Gutenberg Blocks 2.6.8
Spectra – WordPress Gutenberg Blocks 2.6.9
Spectra – WordPress Gutenberg Blocks 2.7.0
Spectra – WordPress Gutenberg Blocks 2.7.1
Spectra – WordPress Gutenberg Blocks 2.7.2
Spectra – WordPress Gutenberg Blocks 2.7.3
Spectra – WordPress Gutenberg Blocks 2.7.4
Spectra – WordPress Gutenberg Blocks 2.7.5
Spectra – WordPress Gutenberg Blocks 2.7.6
Spectra – WordPress Gutenberg Blocks 2.7.7
Spectra – WordPress Gutenberg Blocks 2.7.8
Spectra – WordPress Gutenberg Blocks 2.7.9
Spectra – WordPress Gutenberg Blocks 2.7.10
Spectra – WordPress Gutenberg Blocks 2.7.11
Spectra – WordPress Gutenberg Blocks 2.8.0
Spectra – WordPress Gutenberg Blocks 2.9.0
Spectra – WordPress Gutenberg Blocks 2.9.1
Spectra – WordPress Gutenberg Blocks 2.10.0
Spectra – WordPress Gutenberg Blocks 2.10.1
Spectra – WordPress Gutenberg Blocks 2.10.2
Spectra – WordPress Gutenberg Blocks 2.10.3
Spectra – WordPress Gutenberg Blocks 2.10.4
Spectra – WordPress Gutenberg Blocks 2.10.5
Spectra – WordPress Gutenberg Blocks 2.11.0
Spectra – WordPress Gutenberg Blocks 2.11.1
Spectra – WordPress Gutenberg Blocks 2.11.2
Spectra – WordPress Gutenberg Blocks 2.11.3
Spectra – WordPress Gutenberg Blocks 2.11.4
Spectra – WordPress Gutenberg Blocks 2.12.0
Spectra – WordPress Gutenberg Blocks 2.12.1
Spectra – WordPress Gutenberg Blocks 2.12.2
Spectra – WordPress Gutenberg Blocks 2.12.3
Spectra – WordPress Gutenberg Blocks 2.12.4
Spectra – WordPress Gutenberg Blocks 2.12.5
Spectra – WordPress Gutenberg Blocks 2.12.6
Spectra – WordPress Gutenberg Blocks 2.12.7
Spectra – WordPress Gutenberg Blocks 2.12.8
Spectra – WordPress Gutenberg Blocks 2.12.9
Spectra – WordPress Gutenberg Blocks 2.13.0
Spectra – WordPress Gutenberg Blocks 2.13.1
Spectra – WordPress Gutenberg Blocks 2.13.2
Spectra – WordPress Gutenberg Blocks 2.13.3
Spectra – WordPress Gutenberg Blocks 2.13.4
Spectra – WordPress Gutenberg Blocks 2.13.5
Spectra – WordPress Gutenberg Blocks 2.13.6
Spectra – WordPress Gutenberg Blocks 2.13.7
Spectra – WordPress Gutenberg Blocks 2.13.8
Spectra – WordPress Gutenberg Blocks 2.13.9
Spectra – WordPress Gutenberg Blocks 2.14.0
Spectra – WordPress Gutenberg Blocks 2.14.1
Spectra – WordPress Gutenberg Blocks 2.15.0
Spectra – WordPress Gutenberg Blocks 2.15.1
Spectra – WordPress Gutenberg Blocks 2.15.2
Spectra – WordPress Gutenberg Blocks 2.15.3
Spectra – WordPress Gutenberg Blocks 2.16.0
Spectra – WordPress Gutenberg Blocks 2.16.1
Spectra – WordPress Gutenberg Blocks 2.16.2
Spectra – WordPress Gutenberg Blocks 2.16.3
Spectra – WordPress Gutenberg Blocks 2.16.4
Spectra – WordPress Gutenberg Blocks 2.16.5
Spectra – WordPress Gutenberg Blocks 2.17.0
Spectra – WordPress Gutenberg Blocks 2.18.0
Spectra – WordPress Gutenberg Blocks 2.18.1
Spectra – WordPress Gutenberg Blocks 2.18.2
Spectra – WordPress Gutenberg Blocks 2.18.3
Spectra – WordPress Gutenberg Blocks 2.19.0
Spectra – WordPress Gutenberg Blocks 2.19.1
Spectra – WordPress Gutenberg Blocks 2.19.2
Starter Templates – AI-Powered Templates 3.1.12
Starter Templates – AI-Powered Templates 3.1.13
Starter Templates – AI-Powered Templates 3.1.14
Starter Templates – AI-Powered Templates 3.1.15
Starter Templates – AI-Powered Templates 3.1.16
Starter Templates – AI-Powered Templates 3.5.3
Starter Templates – AI-Powered Templates 4.0.0
Starter Templates – AI-Powered Templates 4.0.1
Starter Templates – AI-Powered Templates 4.0.2
Starter Templates – AI-Powered Templates 4.0.3
Starter Templates – AI-Powered Templates 4.0.4
Starter Templates – AI-Powered Templates 4.0.5
Starter Templates – AI-Powered Templates 4.0.6
Starter Templates – AI-Powered Templates 4.0.7
Starter Templates – AI-Powered Templates 4.0.8
Starter Templates – AI-Powered Templates 4.0.9
Starter Templates – AI-Powered Templates 4.0.10
Starter Templates – AI-Powered Templates 4.0.11
Starter Templates – AI-Powered Templates 4.0.12
Starter Templates – AI-Powered Templates 4.0.13

Authenticated Stored XSS in admin

Skrevet den 3. juli 2025 af i Rank Math SEO

XSS vulnerability in the Rank Math SEO WordPress plugin allows any user with access to the plugin’s General Settings screen to inject malicious JavaScript into site pages, due to insufficient sanitization and escaping of settings inputs

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218

Incorrect permission in AJAX actions

Skrevet den 3. juli 202518. oktober 2025 af i Popup Builder by Forward Looking

Due to a missing capability check on all AJAX actions, makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks.

This vulnerability affects the following application versions:

Popup Builder by Forward Looking 3.0.2
Popup Builder by Forward Looking 3.0.3
Popup Builder by Forward Looking 3.0.4
Popup Builder by Forward Looking 3.0.5
Popup Builder by Forward Looking 3.0.6
Popup Builder by Forward Looking 3.0.7
Popup Builder by Forward Looking 3.0.8
Popup Builder by Forward Looking 3.0.9
Popup Builder by Forward Looking 3.0.9.1
Popup Builder by Forward Looking 3.1
Popup Builder by Forward Looking 3.1.1
Popup Builder by Forward Looking 3.1.2
Popup Builder by Forward Looking 3.1.3
Popup Builder by Forward Looking 3.1.4
Popup Builder by Forward Looking 3.1.4.1
Popup Builder by Forward Looking 3.1.5
Popup Builder by Forward Looking 3.1.5.1
Popup Builder by Forward Looking 3.1.5.2
Popup Builder by Forward Looking 3.1.6
Popup Builder by Forward Looking 3.1.6.1
Popup Builder by Forward Looking 3.1.7
Popup Builder by Forward Looking 3.1.7.1
Popup Builder by Forward Looking 3.1.8
Popup Builder by Forward Looking 3.1.9
Popup Builder by Forward Looking 3.2
Popup Builder by Forward Looking 3.3
Popup Builder by Forward Looking 3.4
Popup Builder by Forward Looking 3.7
Popup Builder by Forward Looking 3.7.1
Popup Builder by Forward Looking 3.41
Popup Builder by Forward Looking 3.42
Popup Builder by Forward Looking 3.43
Popup Builder by Forward Looking 3.44
Popup Builder by Forward Looking 3.45
Popup Builder by Forward Looking 3.46
Popup Builder by Forward Looking 3.47
Popup Builder by Forward Looking 3.48
Popup Builder by Forward Looking 3.49
Popup Builder by Forward Looking 3.50
Popup Builder by Forward Looking 3.51
Popup Builder by Forward Looking 3.52
Popup Builder by Forward Looking 3.53
Popup Builder by Forward Looking 3.54
Popup Builder by Forward Looking 3.55
Popup Builder by Forward Looking 3.56
Popup Builder by Forward Looking 3.57
Popup Builder by Forward Looking 3.58
Popup Builder by Forward Looking 3.59
Popup Builder by Forward Looking 3.60
Popup Builder by Forward Looking 3.61
Popup Builder by Forward Looking 3.61.1
Popup Builder by Forward Looking 3.62
Popup Builder by Forward Looking 3.62.1
Popup Builder by Forward Looking 3.63
Popup Builder by Forward Looking 3.64
Popup Builder by Forward Looking 3.64.1
Popup Builder by Forward Looking 3.65
Popup Builder by Forward Looking 3.65.1
Popup Builder by Forward Looking 3.65.2
Popup Builder by Forward Looking 3.66
Popup Builder by Forward Looking 3.67
Popup Builder by Forward Looking 3.68.1
Popup Builder by Forward Looking 3.68.2
Popup Builder by Forward Looking 3.68.3
Popup Builder by Forward Looking 3.68.4
Popup Builder by Forward Looking 3.68.5
Popup Builder by Forward Looking 3.68.5.1
Popup Builder by Forward Looking 3.68.5.2
Popup Builder by Forward Looking 3.69
Popup Builder by Forward Looking 3.69.1
Popup Builder by Forward Looking 3.69.2
Popup Builder by Forward Looking 3.69.3
Popup Builder by Forward Looking 3.69.4
Popup Builder by Forward Looking 3.69.5
Popup Builder by Forward Looking 3.69.6
Popup Builder by Forward Looking 3.71
Popup Builder by Forward Looking 3.72
Popup Builder by Forward Looking 3.73
Popup Builder by Forward Looking 3.74
Popup Builder by Forward Looking 3.75
Popup Builder by Forward Looking 3.76
Popup Builder by Forward Looking 3.77
Popup Builder by Forward Looking 3.78
Popup Builder by Forward Looking 3.79
Popup Builder by Forward Looking 3.81
Popup Builder by Forward Looking 3.82
Popup Builder by Forward Looking 3.83
Popup Builder by Forward Looking 3.84
Popup Builder by Forward Looking 4.0
Popup Builder by Forward Looking 4.0.1
Popup Builder by Forward Looking 4.0.2
Popup Builder by Forward Looking 4.0.3
Popup Builder by Forward Looking 4.0.4
Popup Builder by Forward Looking 4.0.5
Popup Builder by Forward Looking 4.0.6
Popup Builder by Forward Looking 4.0.7
Popup Builder by Forward Looking 4.0.8
Popup Builder by Forward Looking 4.0.9
Popup Builder by Forward Looking 4.1.0
Popup Builder by Forward Looking 4.1.1
Popup Builder by Forward Looking 4.1.2
Popup Builder by Forward Looking 4.1.3
Popup Builder by Forward Looking 4.1.4
Popup Builder by Forward Looking 4.1.5
Popup Builder by Forward Looking 4.1.6
Popup Builder by Forward Looking 4.1.7
Popup Builder by Forward Looking 4.1.8
Popup Builder by Forward Looking 4.1.9
Popup Builder by Forward Looking 4.1.10
Popup Builder by Forward Looking 4.1.11
Popup Builder by Forward Looking 4.1.12
Popup Builder by Forward Looking 4.1.13
Popup Builder by Forward Looking 4.1.14
Popup Builder by Forward Looking 4.1.15
Popup Builder by Forward Looking 4.2.0
Popup Builder by Forward Looking 4.2.2
Popup Builder by Forward Looking 4.2.3
Popup Builder by Forward Looking 4.2.4
Popup Builder by Forward Looking 4.2.5
Popup Builder by Forward Looking 4.2.6
Popup Builder by Forward Looking 4.2.7
Popup Builder by Forward Looking 4.3.0

Improper Neutralization of Input During Web Page Generation

Skrevet den 30. juni 202518. oktober 2025 af i Essential Addons for Elementor

A stored cross-site scripting vulnerability was discovered in the plugin’s handling of certain widget attributes, where insufficient input sanitization and output escaping allowed authenticated contributors to inject arbitrary scripts into page content .

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.2
Essential Addons for Elementor 4.3.3
Essential Addons for Elementor 4.3.4
Essential Addons for Elementor 4.3.5
Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19

Authenticated (contributor+) stored cross-site scripting in filterable gallery

Skrevet den 27. juni 2025 af i Essential Addons for Elementor

Stored cross-site scripting is available via the ‘nomore_items_text’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23
Essential Addons for Elementor 5.9.24
Essential Addons for Elementor 5.9.25
Essential Addons for Elementor 5.9.26
Essential Addons for Elementor 5.9.27
Essential Addons for Elementor 6.0.0
Essential Addons for Elementor 6.0.1
Essential Addons for Elementor 6.0.2
Essential Addons for Elementor 6.0.3
Essential Addons for Elementor 6.0.4
Essential Addons for Elementor 6.0.5
Essential Addons for Elementor 6.0.6
Essential Addons for Elementor 6.0.7

Authenticated (Contributor+) stored cross-site scripting via ‘Dual Color Header’, ‘Event Calendar’, & ‘Advanced Data Table’

Skrevet den 20. juni 2025 af i Essential Addons for Elementor

Due to insufficient input sanitization and output escaping on user supplied attributes via the plugin’s ‘Dual Color Header’, ‘Event Calendar’, & ‘Advanced Data Table’ widgets, makes possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19

Authenticated (contributor+) stored cross-site scripting in elements trait

Skrevet den 19. juni 2025 af i Essential Addons for Elementor

Stored cross-site scripting available via the ‘eael_ext_toc_title_tag’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20

Authenticated (contributor+) stored cross-site scripting via interactive circle widget

Skrevet den 17. juni 2025 af i Essential Addons for Elementor

Insufficient input sanitization and output escaping on user supplied attributes allows for possible stored cross-site scripting. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19

Authenticated (Contributor+) stored cross-site scripting via eael_event_text-color

Skrevet den 17. juni 2025 af i Essential Addons for Elementor

Due to insufficient input sanitization and output escaping via `eael_event_text-color`, makes possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17

Authenticated (contributor+) stored cross-site scripting in team members widget

Skrevet den 10. juni 2025 af i Essential Addons for Elementor

Stored cross-site scripting available via the eael_team_members_image_rounded parameter in the team members widget due to insufficient input sanitization and output escaping.

This vulnerability affects the following application versions:

Essential Addons for Elementor 3.0.0
Essential Addons for Elementor 3.0.1
Essential Addons for Elementor 3.0.2
Essential Addons for Elementor 3.0.3
Essential Addons for Elementor 3.0.4
Essential Addons for Elementor 3.0.5
Essential Addons for Elementor 3.1.0
Essential Addons for Elementor 3.1.1
Essential Addons for Elementor 3.1.2
Essential Addons for Elementor 3.1.3
Essential Addons for Elementor 3.1.4
Essential Addons for Elementor 3.1.4.1
Essential Addons for Elementor 3.1.5
Essential Addons for Elementor 3.2.0
Essential Addons for Elementor 3.3.0
Essential Addons for Elementor 3.3.1
Essential Addons for Elementor 3.3.2
Essential Addons for Elementor 3.3.3
Essential Addons for Elementor 3.4.0
Essential Addons for Elementor 3.5.0
Essential Addons for Elementor 3.5.1
Essential Addons for Elementor 3.5.2
Essential Addons for Elementor 3.6.0
Essential Addons for Elementor 3.6.1
Essential Addons for Elementor 3.6.2
Essential Addons for Elementor 3.7.0
Essential Addons for Elementor 3.7.1
Essential Addons for Elementor 3.7.2
Essential Addons for Elementor 3.8.0
Essential Addons for Elementor 3.8.1
Essential Addons for Elementor 3.8.2
Essential Addons for Elementor 3.8.3
Essential Addons for Elementor 3.8.4
Essential Addons for Elementor 3.8.5
Essential Addons for Elementor 3.9.0
Essential Addons for Elementor 3.9.1
Essential Addons for Elementor 3.9.2
Essential Addons for Elementor 3.9.3
Essential Addons for Elementor 3.9.4
Essential Addons for Elementor 4.0.0
Essential Addons for Elementor 4.0.1
Essential Addons for Elementor 4.0.2
Essential Addons for Elementor 4.0.3
Essential Addons for Elementor 4.0.4
Essential Addons for Elementor 4.1.0
Essential Addons for Elementor 4.1.1
Essential Addons for Elementor 4.1.2
Essential Addons for Elementor 4.2.0
Essential Addons for Elementor 4.2.1
Essential Addons for Elementor 4.2.2
Essential Addons for Elementor 4.2.3
Essential Addons for Elementor 4.2.4
Essential Addons for Elementor 4.3.0
Essential Addons for Elementor 4.3.1
Essential Addons for Elementor 4.3.2
Essential Addons for Elementor 4.3.3
Essential Addons for Elementor 4.3.4
Essential Addons for Elementor 4.3.5
Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15

Missing Authorization to Unauthenticated Activation/Deactivation

Skrevet den 10. juni 202518. oktober 2025 af i W3 Total Cache

Due to a missing capability check on several functions in all versions up to, and including, 2.8.1, makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions.

This vulnerability affects the following application versions:

W3 Total Cache 0.9.6
W3 Total Cache 0.9.7
W3 Total Cache 0.9.7.1
W3 Total Cache 0.9.7.2
W3 Total Cache 0.9.7.3
W3 Total Cache 0.9.7.4
W3 Total Cache 0.9.7.5
W3 Total Cache 0.10.0
W3 Total Cache 0.10.1
W3 Total Cache 0.10.2
W3 Total Cache 0.11.0
W3 Total Cache 0.12.0
W3 Total Cache 0.13.0
W3 Total Cache 0.13.1
W3 Total Cache 0.13.2
W3 Total Cache 0.13.3
W3 Total Cache 0.14.0
W3 Total Cache 0.14.1
W3 Total Cache 0.14.2
W3 Total Cache 0.14.3
W3 Total Cache 0.14.4
W3 Total Cache 0.15.0
W3 Total Cache 0.15.1
W3 Total Cache 0.15.2
W3 Total Cache 2.0.0
W3 Total Cache 2.0.1
W3 Total Cache 2.1.0
W3 Total Cache 2.1.1
W3 Total Cache 2.1.2
W3 Total Cache 2.1.3
W3 Total Cache 2.1.4
W3 Total Cache 2.1.5
W3 Total Cache 2.1.6
W3 Total Cache 2.1.7
W3 Total Cache 2.1.8
W3 Total Cache 2.1.9
W3 Total Cache 2.2.0
W3 Total Cache 2.2.1
W3 Total Cache 2.2.2
W3 Total Cache 2.2.3
W3 Total Cache 2.2.4
W3 Total Cache 2.2.6
W3 Total Cache 2.2.7
W3 Total Cache 2.2.9
W3 Total Cache 2.2.10
W3 Total Cache 2.2.11
W3 Total Cache 2.2.12
W3 Total Cache 2.3.0
W3 Total Cache 2.3.1
W3 Total Cache 2.3.2
W3 Total Cache 2.3.3
W3 Total Cache 2.4.0
W3 Total Cache 2.4.0-alpha.1
W3 Total Cache 2.4.0-alpha.3
W3 Total Cache 2.4.1
W3 Total Cache 2.5.0
W3 Total Cache 2.6.0
W3 Total Cache 2.6.0-alpha.1
W3 Total Cache 2.6.0-alpha.2
W3 Total Cache 2.6.1
W3 Total Cache 2.7.0
W3 Total Cache 2.7.1
W3 Total Cache 2.7.2
W3 Total Cache 2.7.3
W3 Total Cache 2.7.4
W3 Total Cache 2.7.5
W3 Total Cache 2.7.6
W3 Total Cache 2.7.7
W3 Total Cache 2.7.7-beta.1
W3 Total Cache 2.8.0
W3 Total Cache 2.8.1

Shortcode-Based Stored Cross-Site Scripting

Skrevet den 5. juni 202518. oktober 2025 af i All in One SEO Pack

An authenticated user with contributor‐level access can insert malicious JavaScript into a shortcode field. Because input isn’t fully sanitized, that script is saved and later executed in the browser of anyone viewing the affected page—typically an administrator—allowing the attacker to steal session data, perform actions on behalf of higher‐privileged users, or inject further malicious content. This represents a stored cross‐site scripting (XSS) risk that can lead to full site compromise if left unaddressed.

This vulnerability affects the following application versions:

All in One SEO Pack 4.1.3.1
All in One SEO Pack 4.1.3.3
All in One SEO Pack 4.1.3.4
All in One SEO Pack 4.1.4.1
All in One SEO Pack 4.1.4.2
All in One SEO Pack 4.1.4.3
All in One SEO Pack 4.1.4.4
All in One SEO Pack 4.1.4.5
All in One SEO Pack 4.1.5.1
All in One SEO Pack 4.1.5.2
All in One SEO Pack 4.1.5.3
All in One SEO Pack 4.1.6.2
All in One SEO Pack 4.1.7
All in One SEO Pack 4.1.8
All in One SEO Pack 4.1.9.1
All in One SEO Pack 4.1.9.3
All in One SEO Pack 4.1.9.4
All in One SEO Pack 4.1.10
All in One SEO Pack 4.2.0
All in One SEO Pack 4.2.1.1
All in One SEO Pack 4.2.2
All in One SEO Pack 4.2.3.1
All in One SEO Pack 4.2.4
All in One SEO Pack 4.2.5.1
All in One SEO Pack 4.2.6
All in One SEO Pack 4.2.6.1
All in One SEO Pack 4.2.7.1
All in One SEO Pack 4.2.8
All in One SEO Pack 4.2.9
All in One SEO Pack 4.3.0
All in One SEO Pack 4.3.1
All in One SEO Pack 4.3.1.1
All in One SEO Pack 4.3.2
All in One SEO Pack 4.3.3
All in One SEO Pack 4.3.4.1
All in One SEO Pack 4.3.5
All in One SEO Pack 4.3.6.1
All in One SEO Pack 4.3.7
All in One SEO Pack 4.3.8
All in One SEO Pack 4.3.9
All in One SEO Pack 4.4.0.1
All in One SEO Pack 4.4.1
All in One SEO Pack 4.4.2
All in One SEO Pack 4.4.3
All in One SEO Pack 4.4.4
All in One SEO Pack 4.4.5.1
All in One SEO Pack 4.4.6
All in One SEO Pack 4.4.7
All in One SEO Pack 4.4.7.1
All in One SEO Pack 4.4.8
All in One SEO Pack 4.4.9.1
All in One SEO Pack 4.4.9.2
All in One SEO Pack 4.5.0
All in One SEO Pack 4.5.1.1
All in One SEO Pack 4.5.2.1
All in One SEO Pack 4.5.3.1
All in One SEO Pack 4.5.4
All in One SEO Pack 4.5.5
All in One SEO Pack 4.5.6
All in One SEO Pack 4.5.7.1
All in One SEO Pack 4.5.7.2
All in One SEO Pack 4.5.7.3
All in One SEO Pack 4.5.8
All in One SEO Pack 4.5.9.1
All in One SEO Pack 4.5.9.2
All in One SEO Pack 4.6.0

Improper validation of integrity check in order replay vulnerability

Skrevet den 5. juni 202518. oktober 2025 af i Contact Form 7

Due to insufficient validation of a user-controlled key in the `wpcf7_stripe_skip_spam_check` function, unauthenticated attackers can reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed through Stripe, but the plugin sends a success email message for each transaction, potentially tricking an administrator into fulfilling each order.

This vulnerability affects the following application versions:

Contact Form 7 5.5
Contact Form 7 5.5.1
Contact Form 7 5.5.2
Contact Form 7 5.5.3
Contact Form 7 5.5.4
Contact Form 7 5.5.5
Contact Form 7 5.5.6
Contact Form 7 5.5.6.1
Contact Form 7 5.6
Contact Form 7 5.6.1
Contact Form 7 5.6.2
Contact Form 7 5.6.3
Contact Form 7 5.6.4
Contact Form 7 5.7
Contact Form 7 5.7.1
Contact Form 7 5.7.2
Contact Form 7 5.7.3
Contact Form 7 5.7.4
Contact Form 7 5.7.5
Contact Form 7 5.7.5.1
Contact Form 7 5.7.6
Contact Form 7 5.7.7
Contact Form 7 5.8
Contact Form 7 5.8.1
Contact Form 7 5.8.2
Contact Form 7 5.8.3
Contact Form 7 5.8.4
Contact Form 7 5.8.5
Contact Form 7 5.8.6
Contact Form 7 5.8.7
Contact Form 7 5.9
Contact Form 7 5.9.2
Contact Form 7 5.9.3
Contact Form 7 5.9.4
Contact Form 7 5.9.5
Contact Form 7 5.9.6
Contact Form 7 5.9.7
Contact Form 7 5.9.8
Contact Form 7 6.0
Contact Form 7 6.0.1
Contact Form 7 6.0.2
Contact Form 7 6.0.3
Contact Form 7 6.0.4
Contact Form 7 6.0.5

Authenticated (contributor+) stored cross-site scripting via twitter feed widget

Skrevet den 4. juni 2025 af i Essential Addons for Elementor

Stored cross-site scripting via the twitter feed component available due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.3.0
Essential Addons for Elementor 4.3.1
Essential Addons for Elementor 4.3.2
Essential Addons for Elementor 4.3.3
Essential Addons for Elementor 4.3.4
Essential Addons for Elementor 4.3.5
Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21

PHP Object Injection via error_resetpassword

Skrevet den 4. juni 202518. oktober 2025 af i Essential Addons for Elementor

This vulnerability arises from the deserialization of untrusted input in the error_resetpassword attribute of the Login | Register Form widget (which is disabled by default). It allows authenticated attackers with author-level access or higher to inject a PHP object. If a POP (Property-Oriented Programming) chain is present via an additional plugin or theme installed on the target system, this could enable the attacker to delete arbitrary files, access sensitive data, or execute arbitrary code.

This vulnerability affects the following application versions:

Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13

Unauthenticated Sensitive Information Exposure via Debug Log Files

Skrevet den 30. maj 202518. oktober 2025 af i LiteSpeed Cache

Patch removes all debug-level logging of HTTP response headers and request cookies, disables the “Log Cookies” option entirely, and relocates debug files into a hard-to-guess directory (/wp-content/litespeed/debug/) with randomized filenames based on the site’s AUTH_KEY. It also adds an index.php to block directory listings and updates .htaccess to deny direct access to log files, fully preventing unauthenticated attackers from downloading sensitive data.

This vulnerability affects the following application versions:

LiteSpeed Cache 3.6.4
LiteSpeed Cache 4.0
LiteSpeed Cache 4.1
LiteSpeed Cache 4.2
LiteSpeed Cache 4.3
LiteSpeed Cache 4.4
LiteSpeed Cache 4.4.1
LiteSpeed Cache 4.4.2
LiteSpeed Cache 4.4.3
LiteSpeed Cache 4.4.4
LiteSpeed Cache 4.4.5
LiteSpeed Cache 4.4.6
LiteSpeed Cache 4.4.7
LiteSpeed Cache 4.5
LiteSpeed Cache 4.5.0.1
LiteSpeed Cache 4.6
LiteSpeed Cache 5.0
LiteSpeed Cache 5.0.0.1
LiteSpeed Cache 5.0.1
LiteSpeed Cache 5.1
LiteSpeed Cache 5.2
LiteSpeed Cache 5.2.1
LiteSpeed Cache 5.3
LiteSpeed Cache 5.3.1
LiteSpeed Cache 5.3.2
LiteSpeed Cache 5.3.3
LiteSpeed Cache 5.4
LiteSpeed Cache 5.5
LiteSpeed Cache 5.5.1
LiteSpeed Cache 5.6
LiteSpeed Cache 5.7
LiteSpeed Cache 5.7.0.1
LiteSpeed Cache 6.0
LiteSpeed Cache 6.0.0.1
LiteSpeed Cache 6.1
LiteSpeed Cache 6.2
LiteSpeed Cache 6.2.0.1
LiteSpeed Cache 6.3
LiteSpeed Cache 6.3.0.1
LiteSpeed Cache 6.4
LiteSpeed Cache 6.4.1

Authenticated stored cross-site scripting via the textAlign parameter

Skrevet den 27. maj 2025 af i Rank Math SEO

Stored cross-site scripting available via the ‘textAlign’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217

Unauthenticated Sensitive Information Exposure in ajax handler

Skrevet den 27. maj 202518. oktober 2025 af i Essential Addons for Elementor

Missing permission checks on the ajax_load_more(), eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() AJAX endpoints allow unauthenticated attackers to retrieve private or draft posts.

This vulnerability affects the following application versions:

Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15

Authenticated (contributor+) stored cross-site scripting via filterable gallery & interactive circle elements

Skrevet den 27. maj 2025 af i Essential Addons for Elementor

Insufficient input sanitization and output escaping on user supplied attributes makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 3.0.0
Essential Addons for Elementor 3.0.1
Essential Addons for Elementor 3.0.2
Essential Addons for Elementor 3.0.3
Essential Addons for Elementor 3.0.4
Essential Addons for Elementor 3.0.5
Essential Addons for Elementor 3.1.0
Essential Addons for Elementor 3.1.1
Essential Addons for Elementor 3.1.2
Essential Addons for Elementor 3.1.3
Essential Addons for Elementor 3.1.4
Essential Addons for Elementor 3.1.4.1
Essential Addons for Elementor 3.1.5
Essential Addons for Elementor 3.2.0
Essential Addons for Elementor 3.3.0
Essential Addons for Elementor 3.3.1
Essential Addons for Elementor 3.3.2
Essential Addons for Elementor 3.3.3
Essential Addons for Elementor 3.4.0
Essential Addons for Elementor 3.5.0
Essential Addons for Elementor 3.5.1
Essential Addons for Elementor 3.5.2
Essential Addons for Elementor 3.6.0
Essential Addons for Elementor 3.6.1
Essential Addons for Elementor 3.6.2
Essential Addons for Elementor 3.7.0
Essential Addons for Elementor 3.7.1
Essential Addons for Elementor 3.7.2
Essential Addons for Elementor 3.8.0
Essential Addons for Elementor 3.8.1
Essential Addons for Elementor 3.8.2
Essential Addons for Elementor 3.8.3
Essential Addons for Elementor 3.8.4
Essential Addons for Elementor 3.8.5
Essential Addons for Elementor 3.9.0
Essential Addons for Elementor 3.9.1
Essential Addons for Elementor 3.9.2
Essential Addons for Elementor 3.9.3
Essential Addons for Elementor 3.9.4
Essential Addons for Elementor 4.0.0
Essential Addons for Elementor 4.0.1
Essential Addons for Elementor 4.0.2
Essential Addons for Elementor 4.0.3
Essential Addons for Elementor 4.0.4
Essential Addons for Elementor 4.1.0
Essential Addons for Elementor 4.1.1
Essential Addons for Elementor 4.1.2
Essential Addons for Elementor 4.2.0
Essential Addons for Elementor 4.2.1
Essential Addons for Elementor 4.2.2
Essential Addons for Elementor 4.2.3
Essential Addons for Elementor 4.2.4
Essential Addons for Elementor 4.3.0
Essential Addons for Elementor 4.3.1
Essential Addons for Elementor 4.3.2
Essential Addons for Elementor 4.3.3
Essential Addons for Elementor 4.3.4
Essential Addons for Elementor 4.3.5
Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15

Authenticated (Administrator+) stored cross-site scripting

Skrevet den 21. maj 2025 af i LiteSpeed Cache

Due to insufficient input sanitization and output escaping, authenticated attackers with administrator-level permissions or higher can inject arbitrary web scripts into pages, which will execute whenever a user accesses an affected page.

This vulnerability affects the following application versions:

LiteSpeed Cache 3.6.4
LiteSpeed Cache 4.0
LiteSpeed Cache 4.1
LiteSpeed Cache 4.2
LiteSpeed Cache 4.3
LiteSpeed Cache 4.4
LiteSpeed Cache 4.4.1
LiteSpeed Cache 4.4.2
LiteSpeed Cache 4.4.3
LiteSpeed Cache 4.4.4
LiteSpeed Cache 4.4.5
LiteSpeed Cache 4.4.6
LiteSpeed Cache 4.4.7
LiteSpeed Cache 4.5
LiteSpeed Cache 4.5.0.1
LiteSpeed Cache 4.6
LiteSpeed Cache 5.0
LiteSpeed Cache 5.0.0.1
LiteSpeed Cache 5.0.1
LiteSpeed Cache 5.1
LiteSpeed Cache 5.2
LiteSpeed Cache 5.2.1
LiteSpeed Cache 5.3
LiteSpeed Cache 5.3.1
LiteSpeed Cache 5.3.2
LiteSpeed Cache 5.3.3
LiteSpeed Cache 5.4
LiteSpeed Cache 5.5
LiteSpeed Cache 5.5.1
LiteSpeed Cache 5.6
LiteSpeed Cache 5.7
LiteSpeed Cache 5.7.0.1
LiteSpeed Cache 6.0
LiteSpeed Cache 6.0.0.1
LiteSpeed Cache 6.1
LiteSpeed Cache 6.2
LiteSpeed Cache 6.2.0.1
LiteSpeed Cache 6.3
LiteSpeed Cache 6.3.0.1
LiteSpeed Cache 6.4
LiteSpeed Cache 6.4.1

Authenticated (contributor+) stored cross-site scripting via widget url attribute

Skrevet den 21. maj 2025 af i Essential Addons for Elementor

Due to insufficient input sanitization and output escaping on user supplied attributes, it makes possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.2.0
Essential Addons for Elementor 4.2.1
Essential Addons for Elementor 4.2.2
Essential Addons for Elementor 4.2.3
Essential Addons for Elementor 4.2.4
Essential Addons for Elementor 4.3.0
Essential Addons for Elementor 4.3.1
Essential Addons for Elementor 4.3.2
Essential Addons for Elementor 4.3.3
Essential Addons for Elementor 4.3.4
Essential Addons for Elementor 4.3.5
Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14

Authenticated stored XSS

Skrevet den 21. maj 2025 af i Rank Math SEO

Due to insufficient sanitization and escaping of certain settings, users with access to the General Settings page can perform stored Cross-Site Scripting (XSS) attacks, even if they do not have the unfiltered_html capability (as is the case in a multisite setup).

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218

Unauthenticated PHP Object Injection

Skrevet den 14. maj 202518. oktober 2025 af i All-in-One WP Migration and Backup

This security patch hardens your database migration tools by replacing PHP’s error-prone unserialize() with a safe, in-house parser that prevents tampering and malformed payloads.

This vulnerability affects the following application versions:

All-in-One WP Migration and Backup 7.76
All-in-One WP Migration and Backup 7.77
All-in-One WP Migration and Backup 7.78
All-in-One WP Migration and Backup 7.79
All-in-One WP Migration and Backup 7.80
All-in-One WP Migration and Backup 7.81
All-in-One WP Migration and Backup 7.82
All-in-One WP Migration and Backup 7.83
All-in-One WP Migration and Backup 7.84
All-in-One WP Migration and Backup 7.85
All-in-One WP Migration and Backup 7.86
All-in-One WP Migration and Backup 7.87
All-in-One WP Migration and Backup 7.88
All-in-One WP Migration and Backup 7.89

Stored Cross-Site Scripting via the border, margin and gap parameters

Skrevet den 13. maj 202518. oktober 2025 af i Elementor Website Builder

Due to insufficient input sanitization and output escaping, it is possible for authenticated attackers with Contributor-level access and above to inject arbitrary web scripts into pages, which will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Elementor Website Builder 2.6.0
Elementor Website Builder 2.6.0-beta1
Elementor Website Builder 2.6.0-beta2
Elementor Website Builder 2.6.0-beta3
Elementor Website Builder 2.6.1
Elementor Website Builder 2.6.2
Elementor Website Builder 2.6.3
Elementor Website Builder 2.6.4
Elementor Website Builder 2.6.5
Elementor Website Builder 2.6.6
Elementor Website Builder 2.6.7
Elementor Website Builder 2.6.8
Elementor Website Builder 2.7.0
Elementor Website Builder 2.7.0-beta1
Elementor Website Builder 2.7.0-beta2
Elementor Website Builder 2.7.0-beta3
Elementor Website Builder 2.7.0-beta4
Elementor Website Builder 2.7.1
Elementor Website Builder 2.7.2
Elementor Website Builder 2.7.3
Elementor Website Builder 2.7.4
Elementor Website Builder 2.7.5
Elementor Website Builder 2.7.6
Elementor Website Builder 2.8.0
Elementor Website Builder 2.8.0-beta1
Elementor Website Builder 2.8.0-beta2
Elementor Website Builder 2.8.0-beta3
Elementor Website Builder 2.8.0-beta4
Elementor Website Builder 2.8.1
Elementor Website Builder 2.8.2
Elementor Website Builder 2.8.3
Elementor Website Builder 2.8.4
Elementor Website Builder 2.8.5
Elementor Website Builder 2.9.0
Elementor Website Builder 2.9.0-beta1
Elementor Website Builder 2.9.0-beta2
Elementor Website Builder 2.9.0-beta3
Elementor Website Builder 2.9.0-beta4
Elementor Website Builder 2.9.0-beta5
Elementor Website Builder 2.9.1
Elementor Website Builder 2.9.2
Elementor Website Builder 2.9.3
Elementor Website Builder 2.9.4
Elementor Website Builder 2.9.5
Elementor Website Builder 2.9.6
Elementor Website Builder 2.9.7
Elementor Website Builder 2.9.8
Elementor Website Builder 2.9.9
Elementor Website Builder 2.9.10
Elementor Website Builder 2.9.11
Elementor Website Builder 2.9.12
Elementor Website Builder 2.9.13
Elementor Website Builder 2.9.14
Elementor Website Builder 3.0.0
Elementor Website Builder 3.0.0-beta1
Elementor Website Builder 3.0.0-beta2
Elementor Website Builder 3.0.0-beta3
Elementor Website Builder 3.0.0-beta4
Elementor Website Builder 3.0.0-beta5
Elementor Website Builder 3.0.0-beta6
Elementor Website Builder 3.0.1
Elementor Website Builder 3.0.2
Elementor Website Builder 3.0.3
Elementor Website Builder 3.0.4
Elementor Website Builder 3.0.5
Elementor Website Builder 3.0.6
Elementor Website Builder 3.0.7
Elementor Website Builder 3.0.8
Elementor Website Builder 3.0.8.1
Elementor Website Builder 3.0.9
Elementor Website Builder 3.0.10
Elementor Website Builder 3.0.11
Elementor Website Builder 3.0.12
Elementor Website Builder 3.0.13
Elementor Website Builder 3.0.14
Elementor Website Builder 3.0.15
Elementor Website Builder 3.0.16
Elementor Website Builder 3.1.0
Elementor Website Builder 3.1.0-beta1
Elementor Website Builder 3.1.0-beta2
Elementor Website Builder 3.1.0-beta3
Elementor Website Builder 3.1.0-beta4
Elementor Website Builder 3.1.0-dev1
Elementor Website Builder 3.1.0-dev2
Elementor Website Builder 3.1.0-dev3
Elementor Website Builder 3.1.0-dev4
Elementor Website Builder 3.1.1
Elementor Website Builder 3.1.2
Elementor Website Builder 3.1.3
Elementor Website Builder 3.1.4
Elementor Website Builder 3.2.0
Elementor Website Builder 3.2.0-beta1
Elementor Website Builder 3.2.0-beta2
Elementor Website Builder 3.2.0-beta3
Elementor Website Builder 3.2.0-beta4
Elementor Website Builder 3.2.0-dev1
Elementor Website Builder 3.2.0-dev2
Elementor Website Builder 3.2.0-dev3
Elementor Website Builder 3.2.0-dev4
Elementor Website Builder 3.2.0-dev5
Elementor Website Builder 3.2.0-dev6
Elementor Website Builder 3.2.0-dev7
Elementor Website Builder 3.2.0-dev8
Elementor Website Builder 3.2.1
Elementor Website Builder 3.2.2
Elementor Website Builder 3.2.3
Elementor Website Builder 3.2.4
Elementor Website Builder 3.2.5
Elementor Website Builder 3.3.0
Elementor Website Builder 3.3.0-beta1
Elementor Website Builder 3.3.0-beta2
Elementor Website Builder 3.3.0-beta3
Elementor Website Builder 3.3.0-beta4
Elementor Website Builder 3.3.0-beta5
Elementor Website Builder 3.3.0-dev1
Elementor Website Builder 3.3.0-dev2
Elementor Website Builder 3.3.0-dev3
Elementor Website Builder 3.3.0-dev4
Elementor Website Builder 3.3.0-dev5
Elementor Website Builder 3.3.0-dev6
Elementor Website Builder 3.3.0-dev7
Elementor Website Builder 3.3.0-dev8
Elementor Website Builder 3.3.0-dev9
Elementor Website Builder 3.3.0-dev10
Elementor Website Builder 3.3.0-dev11
Elementor Website Builder 3.3.0-dev12
Elementor Website Builder 3.3.0-dev13
Elementor Website Builder 3.3.0-dev14
Elementor Website Builder 3.3.0-dev15
Elementor Website Builder 3.3.1
Elementor Website Builder 3.4.0
Elementor Website Builder 3.4.0-beta1
Elementor Website Builder 3.4.0-beta2
Elementor Website Builder 3.4.0-beta3
Elementor Website Builder 3.4.0-beta4
Elementor Website Builder 3.4.0-beta5
Elementor Website Builder 3.4.0-dev1
Elementor Website Builder 3.4.0-dev2
Elementor Website Builder 3.4.0-dev3
Elementor Website Builder 3.4.0-dev4
Elementor Website Builder 3.4.0-dev5
Elementor Website Builder 3.4.0-dev6
Elementor Website Builder 3.4.0-dev7
Elementor Website Builder 3.4.0-dev8
Elementor Website Builder 3.4.0-dev9
Elementor Website Builder 3.4.0-dev10
Elementor Website Builder 3.4.0-dev11
Elementor Website Builder 3.4.0-dev12
Elementor Website Builder 3.4.0-dev13
Elementor Website Builder 3.4.1
Elementor Website Builder 3.4.2
Elementor Website Builder 3.4.3
Elementor Website Builder 3.4.4
Elementor Website Builder 3.4.5
Elementor Website Builder 3.4.6
Elementor Website Builder 3.4.7
Elementor Website Builder 3.4.8
Elementor Website Builder 3.5.0
Elementor Website Builder 3.5.0-beta1
Elementor Website Builder 3.5.0-beta2
Elementor Website Builder 3.5.0-beta3
Elementor Website Builder 3.5.0-beta4
Elementor Website Builder 3.5.0-beta5
Elementor Website Builder 3.5.0-beta7
Elementor Website Builder 3.5.0-beta8
Elementor Website Builder 3.5.0-dev1
Elementor Website Builder 3.5.0-dev2
Elementor Website Builder 3.5.0-dev3
Elementor Website Builder 3.5.0-dev4
Elementor Website Builder 3.5.0-dev5
Elementor Website Builder 3.5.0-dev6
Elementor Website Builder 3.5.0-dev7
Elementor Website Builder 3.5.0-dev8
Elementor Website Builder 3.5.0-dev9
Elementor Website Builder 3.5.0-dev10
Elementor Website Builder 3.5.0-dev11
Elementor Website Builder 3.5.0-dev12
Elementor Website Builder 3.5.0-dev13
Elementor Website Builder 3.5.0-dev14
Elementor Website Builder 3.5.0-dev15
Elementor Website Builder 3.5.0-dev16
Elementor Website Builder 3.5.0-dev17
Elementor Website Builder 3.5.0-dev18
Elementor Website Builder 3.5.0-dev19
Elementor Website Builder 3.5.0-dev20
Elementor Website Builder 3.5.0-dev21
Elementor Website Builder 3.5.0-dev22
Elementor Website Builder 3.5.0-dev23
Elementor Website Builder 3.5.0-dev24
Elementor Website Builder 3.5.0-dev25
Elementor Website Builder 3.5.0-dev26
Elementor Website Builder 3.5.0-dev27
Elementor Website Builder 3.5.0-dev28
Elementor Website Builder 3.5.0-dev29
Elementor Website Builder 3.5.0-dev30
Elementor Website Builder 3.5.0-dev31
Elementor Website Builder 3.5.0-dev32
Elementor Website Builder 3.5.0-dev33
Elementor Website Builder 3.5.0-dev34
Elementor Website Builder 3.5.0-dev35
Elementor Website Builder 3.5.0-dev36
Elementor Website Builder 3.5.0-dev37
Elementor Website Builder 3.5.0-dev38
Elementor Website Builder 3.5.0-dev39
Elementor Website Builder 3.5.0-dev40
Elementor Website Builder 3.5.0-dev41
Elementor Website Builder 3.5.0-dev42
Elementor Website Builder 3.5.0-dev43
Elementor Website Builder 3.5.0-dev44
Elementor Website Builder 3.5.0-dev45
Elementor Website Builder 3.5.0-dev46
Elementor Website Builder 3.5.0-dev47
Elementor Website Builder 3.5.0-dev48
Elementor Website Builder 3.5.0-dev49
Elementor Website Builder 3.5.0-dev50
Elementor Website Builder 3.5.0-dev51
Elementor Website Builder 3.5.1
Elementor Website Builder 3.5.2
Elementor Website Builder 3.5.3
Elementor Website Builder 3.5.4
Elementor Website Builder 3.5.5
Elementor Website Builder 3.5.6
Elementor Website Builder 3.6.0
Elementor Website Builder 3.6.0-beta1
Elementor Website Builder 3.6.0-beta2
Elementor Website Builder 3.6.0-beta3
Elementor Website Builder 3.6.0-beta4
Elementor Website Builder 3.6.0-beta5
Elementor Website Builder 3.6.0-dev1
Elementor Website Builder 3.6.0-dev2
Elementor Website Builder 3.6.0-dev3
Elementor Website Builder 3.6.0-dev4
Elementor Website Builder 3.6.0-dev5
Elementor Website Builder 3.6.0-dev6
Elementor Website Builder 3.6.0-dev7
Elementor Website Builder 3.6.0-dev8
Elementor Website Builder 3.6.0-dev9
Elementor Website Builder 3.6.0-dev10
Elementor Website Builder 3.6.0-dev11
Elementor Website Builder 3.6.0-dev13
Elementor Website Builder 3.6.0-dev14
Elementor Website Builder 3.6.0-dev16
Elementor Website Builder 3.6.0-dev17
Elementor Website Builder 3.6.0-dev18
Elementor Website Builder 3.6.0-dev19
Elementor Website Builder 3.6.0-dev20
Elementor Website Builder 3.6.0-dev21
Elementor Website Builder 3.6.0-dev22
Elementor Website Builder 3.6.0-dev24
Elementor Website Builder 3.6.0-dev25
Elementor Website Builder 3.6.0-dev26
Elementor Website Builder 3.6.0-dev27
Elementor Website Builder 3.6.0-dev28
Elementor Website Builder 3.6.0-dev29
Elementor Website Builder 3.6.0-dev30
Elementor Website Builder 3.6.0-dev31
Elementor Website Builder 3.6.0-dev32
Elementor Website Builder 3.6.0-dev33
Elementor Website Builder 3.6.0-dev34
Elementor Website Builder 3.6.0-dev35
Elementor Website Builder 3.6.0-dev36
Elementor Website Builder 3.6.0-dev37
Elementor Website Builder 3.6.0-dev38
Elementor Website Builder 3.6.0-dev39
Elementor Website Builder 3.6.0-dev40
Elementor Website Builder 3.6.0-dev41
Elementor Website Builder 3.6.0-dev42
Elementor Website Builder 3.6.0-dev43
Elementor Website Builder 3.6.0-dev44
Elementor Website Builder 3.6.0-dev45
Elementor Website Builder 3.6.1
Elementor Website Builder 3.6.2
Elementor Website Builder 3.6.3
Elementor Website Builder 3.6.4
Elementor Website Builder 3.6.5
Elementor Website Builder 3.6.6
Elementor Website Builder 3.6.7
Elementor Website Builder 3.6.8
Elementor Website Builder 3.7.0
Elementor Website Builder 3.7.0-beta1
Elementor Website Builder 3.7.0-beta2
Elementor Website Builder 3.7.0-beta3
Elementor Website Builder 3.7.0-beta4
Elementor Website Builder 3.7.0-dev1
Elementor Website Builder 3.7.0-dev2
Elementor Website Builder 3.7.0-dev3
Elementor Website Builder 3.7.0-dev4
Elementor Website Builder 3.7.0-dev5
Elementor Website Builder 3.7.0-dev6
Elementor Website Builder 3.7.0-dev7
Elementor Website Builder 3.7.0-dev8
Elementor Website Builder 3.7.0-dev9
Elementor Website Builder 3.7.0-dev10
Elementor Website Builder 3.7.1
Elementor Website Builder 3.7.2
Elementor Website Builder 3.7.3
Elementor Website Builder 3.7.4
Elementor Website Builder 3.7.5
Elementor Website Builder 3.7.6
Elementor Website Builder 3.7.7
Elementor Website Builder 3.7.8
Elementor Website Builder 3.8.0
Elementor Website Builder 3.8.0-beta1
Elementor Website Builder 3.8.0-beta2
Elementor Website Builder 3.8.0-beta3
Elementor Website Builder 3.8.0-beta4
Elementor Website Builder 3.8.0-beta5
Elementor Website Builder 3.8.0-beta6
Elementor Website Builder 3.8.0-dev1
Elementor Website Builder 3.8.0-dev2
Elementor Website Builder 3.8.0-dev3
Elementor Website Builder 3.8.0-dev4
Elementor Website Builder 3.8.1
Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev1
Elementor Website Builder 3.9.0-dev2
Elementor Website Builder 3.9.0-dev3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.25.11
Elementor Website Builder 3.26.0
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-beta4
Elementor Website Builder 3.26.0-beta5
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3
Elementor Website Builder 3.26.0-dev4
Elementor Website Builder 3.26.0-dev5
Elementor Website Builder 3.26.1
Elementor Website Builder 3.26.2
Elementor Website Builder 3.26.3
Elementor Website Builder 3.26.4
Elementor Website Builder 3.26.5
Elementor Website Builder 3.27.0
Elementor Website Builder 3.27.0-beta1
Elementor Website Builder 3.27.0-beta2
Elementor Website Builder 3.27.0-dev1
Elementor Website Builder 3.27.0-dev2
Elementor Website Builder 3.27.1
Elementor Website Builder 3.27.2
Elementor Website Builder 3.27.3
Elementor Website Builder 3.27.4

Unauthenticated Iinformation exposure via ekit_widgetarea_content function

Skrevet den 13. maj 202518. oktober 2025 af i ElementsKit Elementor Addons and Templates

Due to a missing capability checks on ekit_widgetarea_content function, unauthenticated attackers are able to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items.

This vulnerability affects the following application versions:

ElementsKit Elementor Addons and Templates 2.5.2
ElementsKit Elementor Addons and Templates 2.5.3
ElementsKit Elementor Addons and Templates 2.5.4
ElementsKit Elementor Addons and Templates 2.5.5
ElementsKit Elementor Addons and Templates 2.5.6
ElementsKit Elementor Addons and Templates 2.5.7
ElementsKit Elementor Addons and Templates 2.5.8
ElementsKit Elementor Addons and Templates 2.5.9
ElementsKit Elementor Addons and Templates 2.5.10
ElementsKit Elementor Addons and Templates 2.6.0
ElementsKit Elementor Addons and Templates 2.6.1
ElementsKit Elementor Addons and Templates 2.6.2
ElementsKit Elementor Addons and Templates 2.6.3
ElementsKit Elementor Addons and Templates 2.7.0
ElementsKit Elementor Addons and Templates 2.7.2
ElementsKit Elementor Addons and Templates 2.7.3
ElementsKit Elementor Addons and Templates 2.7.4
ElementsKit Elementor Addons and Templates 2.7.5
ElementsKit Elementor Addons and Templates 2.8.0
ElementsKit Elementor Addons and Templates 2.8.1
ElementsKit Elementor Addons and Templates 2.8.5
ElementsKit Elementor Addons and Templates 2.8.6
ElementsKit Elementor Addons and Templates 2.8.7
ElementsKit Elementor Addons and Templates 2.8.8
ElementsKit Elementor Addons and Templates 2.9.0
ElementsKit Elementor Addons and Templates 2.9.1
ElementsKit Elementor Addons and Templates 2.9.2
ElementsKit Elementor Addons and Templates 3.0.0
ElementsKit Elementor Addons and Templates 3.0.1
ElementsKit Elementor Addons and Templates 3.0.2
ElementsKit Elementor Addons and Templates 3.0.3
ElementsKit Elementor Addons and Templates 3.0.7
ElementsKit Elementor Addons and Templates 3.1.0
ElementsKit Elementor Addons and Templates 3.1.1
ElementsKit Elementor Addons and Templates 3.1.2
ElementsKit Elementor Addons and Templates 3.1.3
ElementsKit Elementor Addons and Templates 3.1.4
ElementsKit Elementor Addons and Templates 3.2.0

Authenticated (Administrator+) stored cross-site scripting

Skrevet den 13. maj 2025 af i Rank Math SEO

Due to insufficient input sanitization and output escaping, authenticated attackers, with administrator-level permissions and above, are ab;e inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218

Missing authorization in dynamic content api

Skrevet den 13. maj 202518. oktober 2025 af i ElementsKit Elementor Addons and Templates

Plugin is vulnerable due to a missing capability check on the get_content_editor() which can cause unauthorized modification of data.

This vulnerability affects the following application versions:

ElementsKit Elementor Addons and Templates 1.2.6
ElementsKit Elementor Addons and Templates 1.2.7
ElementsKit Elementor Addons and Templates 1.2.9
ElementsKit Elementor Addons and Templates 1.3.1
ElementsKit Elementor Addons and Templates 1.3.2
ElementsKit Elementor Addons and Templates 1.3.3
ElementsKit Elementor Addons and Templates 1.3.4
ElementsKit Elementor Addons and Templates 1.3.5
ElementsKit Elementor Addons and Templates 1.3.8
ElementsKit Elementor Addons and Templates 1.3.9
ElementsKit Elementor Addons and Templates 1.4.0
ElementsKit Elementor Addons and Templates 1.4.1
ElementsKit Elementor Addons and Templates 1.4.2
ElementsKit Elementor Addons and Templates 1.4.3
ElementsKit Elementor Addons and Templates 1.4.4
ElementsKit Elementor Addons and Templates 1.4.5
ElementsKit Elementor Addons and Templates 1.4.7
ElementsKit Elementor Addons and Templates 1.4.8
ElementsKit Elementor Addons and Templates 1.4.9
ElementsKit Elementor Addons and Templates 1.5.0
ElementsKit Elementor Addons and Templates 1.5.1
ElementsKit Elementor Addons and Templates 1.5.2
ElementsKit Elementor Addons and Templates 1.5.4
ElementsKit Elementor Addons and Templates 1.5.5
ElementsKit Elementor Addons and Templates 1.5.6
ElementsKit Elementor Addons and Templates 1.5.7
ElementsKit Elementor Addons and Templates 1.5.8
ElementsKit Elementor Addons and Templates 1.5.9
ElementsKit Elementor Addons and Templates 1.5.10
ElementsKit Elementor Addons and Templates 1.5.11
ElementsKit Elementor Addons and Templates 1.5.12
ElementsKit Elementor Addons and Templates 2.0.0
ElementsKit Elementor Addons and Templates 2.0.1
ElementsKit Elementor Addons and Templates 2.0.2
ElementsKit Elementor Addons and Templates 2.0.3
ElementsKit Elementor Addons and Templates 2.0.4
ElementsKit Elementor Addons and Templates 2.0.5
ElementsKit Elementor Addons and Templates 2.0.6
ElementsKit Elementor Addons and Templates 2.0.7
ElementsKit Elementor Addons and Templates 2.0.8
ElementsKit Elementor Addons and Templates 2.0.9
ElementsKit Elementor Addons and Templates 2.0.9.1
ElementsKit Elementor Addons and Templates 2.0.9.2
ElementsKit Elementor Addons and Templates 2.0.9.3
ElementsKit Elementor Addons and Templates 2.0.10
ElementsKit Elementor Addons and Templates 2.0.11
ElementsKit Elementor Addons and Templates 2.0.12
ElementsKit Elementor Addons and Templates 2.0.13
ElementsKit Elementor Addons and Templates 2.1.0
ElementsKit Elementor Addons and Templates 2.1.1
ElementsKit Elementor Addons and Templates 2.1.2
ElementsKit Elementor Addons and Templates 2.1.3
ElementsKit Elementor Addons and Templates 2.1.4
ElementsKit Elementor Addons and Templates 2.1.5
ElementsKit Elementor Addons and Templates 2.1.6
ElementsKit Elementor Addons and Templates 2.1.7
ElementsKit Elementor Addons and Templates 2.2.0
ElementsKit Elementor Addons and Templates 2.2.1
ElementsKit Elementor Addons and Templates 2.2.2
ElementsKit Elementor Addons and Templates 2.2.3
ElementsKit Elementor Addons and Templates 2.2.4
ElementsKit Elementor Addons and Templates 2.3.0
ElementsKit Elementor Addons and Templates 2.3.1
ElementsKit Elementor Addons and Templates 2.3.1.1
ElementsKit Elementor Addons and Templates 2.3.2
ElementsKit Elementor Addons and Templates 2.3.3
ElementsKit Elementor Addons and Templates 2.3.4
ElementsKit Elementor Addons and Templates 2.3.5
ElementsKit Elementor Addons and Templates 2.3.6
ElementsKit Elementor Addons and Templates 2.3.7
ElementsKit Elementor Addons and Templates 2.4.0
ElementsKit Elementor Addons and Templates 2.5.0
ElementsKit Elementor Addons and Templates 2.5.1
ElementsKit Elementor Addons and Templates 2.5.2
ElementsKit Elementor Addons and Templates 2.5.3
ElementsKit Elementor Addons and Templates 2.5.4
ElementsKit Elementor Addons and Templates 2.5.5
ElementsKit Elementor Addons and Templates 2.5.6
ElementsKit Elementor Addons and Templates 2.5.7
ElementsKit Elementor Addons and Templates 2.5.8
ElementsKit Elementor Addons and Templates 2.5.9
ElementsKit Elementor Addons and Templates 2.5.10
ElementsKit Elementor Addons and Templates 2.6.0
ElementsKit Elementor Addons and Templates 2.6.1
ElementsKit Elementor Addons and Templates 2.6.2
ElementsKit Elementor Addons and Templates 2.6.3
ElementsKit Elementor Addons and Templates 2.7.0
ElementsKit Elementor Addons and Templates 2.7.2
ElementsKit Elementor Addons and Templates 2.7.3
ElementsKit Elementor Addons and Templates 2.7.4
ElementsKit Elementor Addons and Templates 2.7.5
ElementsKit Elementor Addons and Templates 2.8.0
ElementsKit Elementor Addons and Templates 2.8.1
ElementsKit Elementor Addons and Templates 2.8.5
ElementsKit Elementor Addons and Templates 2.8.6
ElementsKit Elementor Addons and Templates 2.8.7
ElementsKit Elementor Addons and Templates 2.8.8
ElementsKit Elementor Addons and Templates 2.9.0
ElementsKit Elementor Addons and Templates 2.9.1
ElementsKit Elementor Addons and Templates 2.9.2
ElementsKit Elementor Addons and Templates 3.0.0
ElementsKit Elementor Addons and Templates 3.0.1
ElementsKit Elementor Addons and Templates 3.0.2
ElementsKit Elementor Addons and Templates 3.0.3
ElementsKit Elementor Addons and Templates 3.0.4
ElementsKit Elementor Addons and Templates 3.0.5
ElementsKit Elementor Addons and Templates 3.0.6
ElementsKit Elementor Addons and Templates 3.0.7
ElementsKit Elementor Addons and Templates 3.1.0
ElementsKit Elementor Addons and Templates 3.1.1
ElementsKit Elementor Addons and Templates 3.1.2
ElementsKit Elementor Addons and Templates 3.1.3
ElementsKit Elementor Addons and Templates 3.1.4

Stored cross-site scripting via ekit_countdown_timer_title parameter

Skrevet den 12. maj 202518. oktober 2025 af i ElementsKit Elementor Addons and Templates

Due to insufficient input sanitization and output escaping via the Countdown Timer Widget ekit_countdown_timer_title parameter, authenticated attackers, with Contributor-level access and above, can inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

ElementsKit Elementor Addons and Templates 1.2.6
ElementsKit Elementor Addons and Templates 1.2.7
ElementsKit Elementor Addons and Templates 1.2.9
ElementsKit Elementor Addons and Templates 1.3.1
ElementsKit Elementor Addons and Templates 1.3.2
ElementsKit Elementor Addons and Templates 1.3.3
ElementsKit Elementor Addons and Templates 1.3.4
ElementsKit Elementor Addons and Templates 1.3.5
ElementsKit Elementor Addons and Templates 1.3.8
ElementsKit Elementor Addons and Templates 1.3.9
ElementsKit Elementor Addons and Templates 1.4.0
ElementsKit Elementor Addons and Templates 1.4.1
ElementsKit Elementor Addons and Templates 1.4.2
ElementsKit Elementor Addons and Templates 1.4.3
ElementsKit Elementor Addons and Templates 1.4.4
ElementsKit Elementor Addons and Templates 1.4.5
ElementsKit Elementor Addons and Templates 1.4.7
ElementsKit Elementor Addons and Templates 1.4.8
ElementsKit Elementor Addons and Templates 1.4.9
ElementsKit Elementor Addons and Templates 1.5.0
ElementsKit Elementor Addons and Templates 1.5.1
ElementsKit Elementor Addons and Templates 1.5.2
ElementsKit Elementor Addons and Templates 1.5.4
ElementsKit Elementor Addons and Templates 1.5.5
ElementsKit Elementor Addons and Templates 1.5.6
ElementsKit Elementor Addons and Templates 1.5.7
ElementsKit Elementor Addons and Templates 1.5.8
ElementsKit Elementor Addons and Templates 1.5.9
ElementsKit Elementor Addons and Templates 1.5.10
ElementsKit Elementor Addons and Templates 1.5.11
ElementsKit Elementor Addons and Templates 1.5.12
ElementsKit Elementor Addons and Templates 2.0.0
ElementsKit Elementor Addons and Templates 2.0.1
ElementsKit Elementor Addons and Templates 2.0.2
ElementsKit Elementor Addons and Templates 2.0.3
ElementsKit Elementor Addons and Templates 2.0.4
ElementsKit Elementor Addons and Templates 2.0.5
ElementsKit Elementor Addons and Templates 2.0.6
ElementsKit Elementor Addons and Templates 2.0.7
ElementsKit Elementor Addons and Templates 2.0.8
ElementsKit Elementor Addons and Templates 2.0.9
ElementsKit Elementor Addons and Templates 2.0.9.1
ElementsKit Elementor Addons and Templates 2.0.9.2
ElementsKit Elementor Addons and Templates 2.0.9.3
ElementsKit Elementor Addons and Templates 2.0.10
ElementsKit Elementor Addons and Templates 2.0.11
ElementsKit Elementor Addons and Templates 2.0.12
ElementsKit Elementor Addons and Templates 2.0.13
ElementsKit Elementor Addons and Templates 2.1.0
ElementsKit Elementor Addons and Templates 2.1.1
ElementsKit Elementor Addons and Templates 2.1.2
ElementsKit Elementor Addons and Templates 2.1.3
ElementsKit Elementor Addons and Templates 2.1.4
ElementsKit Elementor Addons and Templates 2.1.5
ElementsKit Elementor Addons and Templates 2.1.6
ElementsKit Elementor Addons and Templates 2.1.7
ElementsKit Elementor Addons and Templates 2.2.0
ElementsKit Elementor Addons and Templates 2.2.1
ElementsKit Elementor Addons and Templates 2.2.2
ElementsKit Elementor Addons and Templates 2.2.3
ElementsKit Elementor Addons and Templates 2.2.4
ElementsKit Elementor Addons and Templates 2.3.0
ElementsKit Elementor Addons and Templates 2.3.1
ElementsKit Elementor Addons and Templates 2.3.1.1
ElementsKit Elementor Addons and Templates 2.3.2
ElementsKit Elementor Addons and Templates 2.3.3
ElementsKit Elementor Addons and Templates 2.3.4
ElementsKit Elementor Addons and Templates 2.3.5
ElementsKit Elementor Addons and Templates 2.3.6
ElementsKit Elementor Addons and Templates 2.3.7
ElementsKit Elementor Addons and Templates 2.4.0
ElementsKit Elementor Addons and Templates 2.5.0
ElementsKit Elementor Addons and Templates 2.5.1
ElementsKit Elementor Addons and Templates 2.5.2
ElementsKit Elementor Addons and Templates 2.5.3
ElementsKit Elementor Addons and Templates 2.5.4
ElementsKit Elementor Addons and Templates 2.5.5
ElementsKit Elementor Addons and Templates 2.5.6
ElementsKit Elementor Addons and Templates 2.5.7
ElementsKit Elementor Addons and Templates 2.5.8
ElementsKit Elementor Addons and Templates 2.5.9
ElementsKit Elementor Addons and Templates 2.5.10
ElementsKit Elementor Addons and Templates 2.6.0
ElementsKit Elementor Addons and Templates 2.6.1
ElementsKit Elementor Addons and Templates 2.6.2
ElementsKit Elementor Addons and Templates 2.6.3
ElementsKit Elementor Addons and Templates 2.7.0
ElementsKit Elementor Addons and Templates 2.7.2
ElementsKit Elementor Addons and Templates 2.7.3
ElementsKit Elementor Addons and Templates 2.7.4
ElementsKit Elementor Addons and Templates 2.7.5
ElementsKit Elementor Addons and Templates 2.8.0
ElementsKit Elementor Addons and Templates 2.8.1
ElementsKit Elementor Addons and Templates 2.8.5
ElementsKit Elementor Addons and Templates 2.8.6
ElementsKit Elementor Addons and Templates 2.8.7
ElementsKit Elementor Addons and Templates 2.8.8
ElementsKit Elementor Addons and Templates 2.9.0
ElementsKit Elementor Addons and Templates 2.9.1
ElementsKit Elementor Addons and Templates 2.9.2
ElementsKit Elementor Addons and Templates 3.0.0
ElementsKit Elementor Addons and Templates 3.0.1
ElementsKit Elementor Addons and Templates 3.0.2
ElementsKit Elementor Addons and Templates 3.0.3
ElementsKit Elementor Addons and Templates 3.0.4
ElementsKit Elementor Addons and Templates 3.0.5
ElementsKit Elementor Addons and Templates 3.0.6
ElementsKit Elementor Addons and Templates 3.0.7
ElementsKit Elementor Addons and Templates 3.1.0
ElementsKit Elementor Addons and Templates 3.1.1
ElementsKit Elementor Addons and Templates 3.1.2
ElementsKit Elementor Addons and Templates 3.1.3
ElementsKit Elementor Addons and Templates 3.1.4
ElementsKit Elementor Addons and Templates 3.2.0
ElementsKit Elementor Addons and Templates 3.2.1
ElementsKit Elementor Addons and Templates 3.2.2
ElementsKit Elementor Addons and Templates 3.2.3
ElementsKit Elementor Addons and Templates 3.2.4
ElementsKit Elementor Addons and Templates 3.2.5
ElementsKit Elementor Addons and Templates 3.2.6
ElementsKit Elementor Addons and Templates 3.2.7
ElementsKit Elementor Addons and Templates 3.2.8
ElementsKit Elementor Addons and Templates 3.2.9
ElementsKit Elementor Addons and Templates 3.3.0
ElementsKit Elementor Addons and Templates 3.3.1

Reflected cross-site scripting via the showdata and initiate_restore parameters

Skrevet den 12. maj 202518. oktober 2025 af i UpdraftPlus: WordPress Backup & Migration Plugin

Due to insufficient input sanitization and output escaping, it is possible for unauthenticated attackers to inject arbitrary web scripts into pages. These scripts can execute if the attacker successfully tricks an admin user into performing an action, such as clicking a link.

This vulnerability affects the following application versions:

UpdraftPlus: WordPress Backup & Migration Plugin 1.16.0
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.14
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.17
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.25
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.26
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.28
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.29
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.32
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.34
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.35
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.36
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.37
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.40
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.41
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.42
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.43
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.44
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.45
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.46
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.47
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.48
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.49
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.50
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.51
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.53
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.55
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.56
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.59
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.60
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.61
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.62
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.63
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.64
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.65
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.66
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.67
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.68
UpdraftPlus: WordPress Backup & Migration Plugin 1.16.69
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.14
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.17
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.18
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.19
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.20
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.21
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.22
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.23
UpdraftPlus: WordPress Backup & Migration Plugin 1.22.24
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11
UpdraftPlus: WordPress Backup & Migration Plugin 1.24.12

Cross-site request forgery in admin class

Skrevet den 12. maj 2025 af i Really Simple SSL

Missing or incorrect nonce validation on a function makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link

This vulnerability affects the following application versions:

Really Simple SSL 7.2.2
Really Simple SSL 7.2.3
Really Simple SSL 8.0.0
Really Simple SSL 8.1.0
Really Simple SSL 8.1.1
Really Simple SSL 8.1.2
Really Simple SSL 8.1.3
Really Simple SSL 8.1.4
Really Simple SSL 8.1.5
Really Simple SSL 8.1.6
Really Simple SSL 8.3.0.1
Really Simple SSL 9.0.0
Really Simple SSL 9.0.2
Really Simple SSL 9.1.0
Really Simple SSL 9.1.1
Really Simple SSL 9.1.1.1
Really Simple SSL 9.1.2
Really Simple SSL 9.1.3
Really Simple SSL 9.1.4

Authenticated (Contributor+) stored cross-site scripting via custom_js parameter

Skrevet den 12. maj 2025 af i Essential Addons for Elementor

Due to insufficient input sanitization and output escaping, authenticated attackers, with Contributor-level access and above, can inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Essential Addons for Elementor 4.1.0
Essential Addons for Elementor 4.1.1
Essential Addons for Elementor 4.1.2
Essential Addons for Elementor 4.2.0
Essential Addons for Elementor 4.2.1
Essential Addons for Elementor 4.2.2
Essential Addons for Elementor 4.2.3
Essential Addons for Elementor 4.2.4
Essential Addons for Elementor 4.3.0
Essential Addons for Elementor 4.3.1
Essential Addons for Elementor 4.3.2
Essential Addons for Elementor 4.3.3
Essential Addons for Elementor 4.3.4
Essential Addons for Elementor 4.3.5
Essential Addons for Elementor 4.3.6
Essential Addons for Elementor 4.3.7
Essential Addons for Elementor 4.3.8
Essential Addons for Elementor 4.3.9
Essential Addons for Elementor 4.4.0
Essential Addons for Elementor 4.4.1
Essential Addons for Elementor 4.5.0
Essential Addons for Elementor 4.5.1
Essential Addons for Elementor 4.5.2
Essential Addons for Elementor 4.5.3
Essential Addons for Elementor 4.5.4
Essential Addons for Elementor 4.5.5
Essential Addons for Elementor 4.6.0
Essential Addons for Elementor 4.6.1
Essential Addons for Elementor 4.6.2
Essential Addons for Elementor 4.6.3
Essential Addons for Elementor 4.6.4
Essential Addons for Elementor 4.6.5
Essential Addons for Elementor 4.6.6
Essential Addons for Elementor 4.7.0
Essential Addons for Elementor 4.7.1
Essential Addons for Elementor 4.7.2
Essential Addons for Elementor 4.7.3
Essential Addons for Elementor 4.7.4
Essential Addons for Elementor 4.7.5
Essential Addons for Elementor 4.8.0
Essential Addons for Elementor 4.8.1
Essential Addons for Elementor 4.8.2
Essential Addons for Elementor 4.8.3
Essential Addons for Elementor 4.8.4
Essential Addons for Elementor 4.9.0
Essential Addons for Elementor 4.9.1
Essential Addons for Elementor 4.9.2
Essential Addons for Elementor 4.9.3
Essential Addons for Elementor 4.9.4
Essential Addons for Elementor 4.9.5
Essential Addons for Elementor 4.9.6
Essential Addons for Elementor 4.9.7
Essential Addons for Elementor 5.0.0
Essential Addons for Elementor 5.0.1
Essential Addons for Elementor 5.0.2
Essential Addons for Elementor 5.0.3
Essential Addons for Elementor 5.0.4
Essential Addons for Elementor 5.0.5
Essential Addons for Elementor 5.0.6
Essential Addons for Elementor 5.0.7
Essential Addons for Elementor 5.0.8
Essential Addons for Elementor 5.0.9
Essential Addons for Elementor 5.0.10
Essential Addons for Elementor 5.0.11
Essential Addons for Elementor 5.0.12
Essential Addons for Elementor 5.0.13
Essential Addons for Elementor 5.1.0
Essential Addons for Elementor 5.1.1
Essential Addons for Elementor 5.1.2
Essential Addons for Elementor 5.1.3
Essential Addons for Elementor 5.1.4
Essential Addons for Elementor 5.1.5
Essential Addons for Elementor 5.1.6
Essential Addons for Elementor 5.1.7
Essential Addons for Elementor 5.1.8
Essential Addons for Elementor 5.1.9
Essential Addons for Elementor 5.2.0
Essential Addons for Elementor 5.2.1
Essential Addons for Elementor 5.2.2
Essential Addons for Elementor 5.2.3
Essential Addons for Elementor 5.2.4
Essential Addons for Elementor 5.3.0
Essential Addons for Elementor 5.3.1
Essential Addons for Elementor 5.3.2
Essential Addons for Elementor 5.4.6
Essential Addons for Elementor 5.5.5
Essential Addons for Elementor 5.6.5
Essential Addons for Elementor 5.7.2
Essential Addons for Elementor 5.7.3
Essential Addons for Elementor 5.7.4
Essential Addons for Elementor 5.8.0
Essential Addons for Elementor 5.8.1
Essential Addons for Elementor 5.8.2
Essential Addons for Elementor 5.8.3
Essential Addons for Elementor 5.8.4
Essential Addons for Elementor 5.8.5
Essential Addons for Elementor 5.8.6
Essential Addons for Elementor 5.8.7
Essential Addons for Elementor 5.8.8
Essential Addons for Elementor 5.8.9
Essential Addons for Elementor 5.8.10
Essential Addons for Elementor 5.8.11
Essential Addons for Elementor 5.8.12
Essential Addons for Elementor 5.8.13
Essential Addons for Elementor 5.8.14
Essential Addons for Elementor 5.8.15
Essential Addons for Elementor 5.8.16
Essential Addons for Elementor 5.8.18
Essential Addons for Elementor 5.9.0
Essential Addons for Elementor 5.9.1
Essential Addons for Elementor 5.9.2
Essential Addons for Elementor 5.9.3
Essential Addons for Elementor 5.9.4
Essential Addons for Elementor 5.9.5
Essential Addons for Elementor 5.9.6
Essential Addons for Elementor 5.9.7
Essential Addons for Elementor 5.9.8
Essential Addons for Elementor 5.9.9
Essential Addons for Elementor 5.9.10
Essential Addons for Elementor 5.9.11
Essential Addons for Elementor 5.9.12
Essential Addons for Elementor 5.9.13
Essential Addons for Elementor 5.9.14
Essential Addons for Elementor 5.9.15
Essential Addons for Elementor 5.9.16
Essential Addons for Elementor 5.9.17
Essential Addons for Elementor 5.9.18
Essential Addons for Elementor 5.9.19
Essential Addons for Elementor 5.9.20
Essential Addons for Elementor 5.9.21
Essential Addons for Elementor 5.9.22
Essential Addons for Elementor 5.9.23

Authenticated (contributor+) stored cross-site scripting via image comparison widget

Skrevet den 29. april 2025 af i ElementsKit Elementor Addons and Templates

Stored cross-site scripting via the image comparison widget due to insufficient input sanitization and output escaping on user supplied attributes. this makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

ElementsKit Elementor Addons and Templates 1.2.6
ElementsKit Elementor Addons and Templates 1.2.7
ElementsKit Elementor Addons and Templates 1.2.9
ElementsKit Elementor Addons and Templates 1.3.1
ElementsKit Elementor Addons and Templates 1.3.2
ElementsKit Elementor Addons and Templates 1.3.3
ElementsKit Elementor Addons and Templates 1.3.4
ElementsKit Elementor Addons and Templates 1.3.5
ElementsKit Elementor Addons and Templates 1.3.8
ElementsKit Elementor Addons and Templates 1.3.9
ElementsKit Elementor Addons and Templates 1.4.0
ElementsKit Elementor Addons and Templates 1.4.1
ElementsKit Elementor Addons and Templates 1.4.2
ElementsKit Elementor Addons and Templates 1.4.3
ElementsKit Elementor Addons and Templates 1.4.4
ElementsKit Elementor Addons and Templates 1.4.5
ElementsKit Elementor Addons and Templates 1.4.7
ElementsKit Elementor Addons and Templates 1.4.8
ElementsKit Elementor Addons and Templates 1.4.9
ElementsKit Elementor Addons and Templates 1.5.0
ElementsKit Elementor Addons and Templates 1.5.1
ElementsKit Elementor Addons and Templates 1.5.2
ElementsKit Elementor Addons and Templates 1.5.4
ElementsKit Elementor Addons and Templates 1.5.5
ElementsKit Elementor Addons and Templates 1.5.6
ElementsKit Elementor Addons and Templates 1.5.7
ElementsKit Elementor Addons and Templates 1.5.8
ElementsKit Elementor Addons and Templates 1.5.9
ElementsKit Elementor Addons and Templates 1.5.10
ElementsKit Elementor Addons and Templates 1.5.11
ElementsKit Elementor Addons and Templates 1.5.12
ElementsKit Elementor Addons and Templates 2.0.0
ElementsKit Elementor Addons and Templates 2.0.1
ElementsKit Elementor Addons and Templates 2.0.2
ElementsKit Elementor Addons and Templates 2.0.3
ElementsKit Elementor Addons and Templates 2.0.4
ElementsKit Elementor Addons and Templates 2.0.5
ElementsKit Elementor Addons and Templates 2.0.6
ElementsKit Elementor Addons and Templates 2.0.7
ElementsKit Elementor Addons and Templates 2.0.8
ElementsKit Elementor Addons and Templates 2.0.9
ElementsKit Elementor Addons and Templates 2.0.9.1
ElementsKit Elementor Addons and Templates 2.0.9.2
ElementsKit Elementor Addons and Templates 2.0.9.3
ElementsKit Elementor Addons and Templates 2.0.10
ElementsKit Elementor Addons and Templates 2.0.11
ElementsKit Elementor Addons and Templates 2.0.12
ElementsKit Elementor Addons and Templates 2.0.13
ElementsKit Elementor Addons and Templates 2.1.0
ElementsKit Elementor Addons and Templates 2.1.1
ElementsKit Elementor Addons and Templates 2.1.2
ElementsKit Elementor Addons and Templates 2.1.3
ElementsKit Elementor Addons and Templates 2.1.4
ElementsKit Elementor Addons and Templates 2.1.5
ElementsKit Elementor Addons and Templates 2.1.6
ElementsKit Elementor Addons and Templates 2.1.7
ElementsKit Elementor Addons and Templates 2.2.0
ElementsKit Elementor Addons and Templates 2.2.1
ElementsKit Elementor Addons and Templates 2.2.2
ElementsKit Elementor Addons and Templates 2.2.3
ElementsKit Elementor Addons and Templates 2.2.4
ElementsKit Elementor Addons and Templates 2.3.0
ElementsKit Elementor Addons and Templates 2.3.1
ElementsKit Elementor Addons and Templates 2.3.1.1
ElementsKit Elementor Addons and Templates 2.3.2
ElementsKit Elementor Addons and Templates 2.3.3
ElementsKit Elementor Addons and Templates 2.3.4
ElementsKit Elementor Addons and Templates 2.3.5
ElementsKit Elementor Addons and Templates 2.3.6
ElementsKit Elementor Addons and Templates 2.3.7
ElementsKit Elementor Addons and Templates 2.4.0
ElementsKit Elementor Addons and Templates 2.5.0
ElementsKit Elementor Addons and Templates 2.5.1
ElementsKit Elementor Addons and Templates 2.5.2
ElementsKit Elementor Addons and Templates 2.5.3
ElementsKit Elementor Addons and Templates 2.5.4
ElementsKit Elementor Addons and Templates 2.5.5
ElementsKit Elementor Addons and Templates 2.5.6
ElementsKit Elementor Addons and Templates 2.5.7
ElementsKit Elementor Addons and Templates 2.5.8
ElementsKit Elementor Addons and Templates 2.5.9
ElementsKit Elementor Addons and Templates 2.5.10
ElementsKit Elementor Addons and Templates 2.6.0
ElementsKit Elementor Addons and Templates 2.6.1
ElementsKit Elementor Addons and Templates 2.6.2
ElementsKit Elementor Addons and Templates 2.6.3
ElementsKit Elementor Addons and Templates 2.7.0
ElementsKit Elementor Addons and Templates 2.7.2
ElementsKit Elementor Addons and Templates 2.7.3
ElementsKit Elementor Addons and Templates 2.7.4
ElementsKit Elementor Addons and Templates 2.7.5
ElementsKit Elementor Addons and Templates 2.8.0
ElementsKit Elementor Addons and Templates 2.8.1
ElementsKit Elementor Addons and Templates 2.8.5
ElementsKit Elementor Addons and Templates 2.8.6
ElementsKit Elementor Addons and Templates 2.8.7
ElementsKit Elementor Addons and Templates 2.8.8
ElementsKit Elementor Addons and Templates 2.9.0
ElementsKit Elementor Addons and Templates 2.9.1
ElementsKit Elementor Addons and Templates 2.9.2
ElementsKit Elementor Addons and Templates 3.0.0
ElementsKit Elementor Addons and Templates 3.0.1
ElementsKit Elementor Addons and Templates 3.0.2
ElementsKit Elementor Addons and Templates 3.0.3
ElementsKit Elementor Addons and Templates 3.0.4
ElementsKit Elementor Addons and Templates 3.0.5
ElementsKit Elementor Addons and Templates 3.0.6
ElementsKit Elementor Addons and Templates 3.0.7
ElementsKit Elementor Addons and Templates 3.1.0
ElementsKit Elementor Addons and Templates 3.1.1
ElementsKit Elementor Addons and Templates 3.1.2
ElementsKit Elementor Addons and Templates 3.1.3
ElementsKit Elementor Addons and Templates 3.1.4
ElementsKit Elementor Addons and Templates 3.2.0
ElementsKit Elementor Addons and Templates 3.2.1
ElementsKit Elementor Addons and Templates 3.2.2
ElementsKit Elementor Addons and Templates 3.2.3
ElementsKit Elementor Addons and Templates 3.2.4
ElementsKit Elementor Addons and Templates 3.2.5
ElementsKit Elementor Addons and Templates 3.2.6
ElementsKit Elementor Addons and Templates 3.2.7
ElementsKit Elementor Addons and Templates 3.2.8
ElementsKit Elementor Addons and Templates 3.2.9

Authenticated (contributor+) stored cross-site scripting via video widget

Skrevet den 29. april 2025 af i ElementsKit Elementor Addons and Templates

Due to insufficient input sanitization and output escaping on user supplied attributes. this makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

ElementsKit Elementor Addons and Templates 2.8.0
ElementsKit Elementor Addons and Templates 2.8.1
ElementsKit Elementor Addons and Templates 2.8.5
ElementsKit Elementor Addons and Templates 2.8.6
ElementsKit Elementor Addons and Templates 2.8.7
ElementsKit Elementor Addons and Templates 2.8.8
ElementsKit Elementor Addons and Templates 2.9.0
ElementsKit Elementor Addons and Templates 2.9.1
ElementsKit Elementor Addons and Templates 2.9.2
ElementsKit Elementor Addons and Templates 3.0.0
ElementsKit Elementor Addons and Templates 3.0.1
ElementsKit Elementor Addons and Templates 3.0.2
ElementsKit Elementor Addons and Templates 3.0.3
ElementsKit Elementor Addons and Templates 3.0.4
ElementsKit Elementor Addons and Templates 3.0.5
ElementsKit Elementor Addons and Templates 3.0.6
ElementsKit Elementor Addons and Templates 3.0.7
ElementsKit Elementor Addons and Templates 3.1.0
ElementsKit Elementor Addons and Templates 3.1.1
ElementsKit Elementor Addons and Templates 3.1.2
ElementsKit Elementor Addons and Templates 3.1.3
ElementsKit Elementor Addons and Templates 3.1.4
ElementsKit Elementor Addons and Templates 3.2.0
ElementsKit Elementor Addons and Templates 3.2.1
ElementsKit Elementor Addons and Templates 3.2.2
ElementsKit Elementor Addons and Templates 3.2.3
ElementsKit Elementor Addons and Templates 3.2.4
ElementsKit Elementor Addons and Templates 3.2.5
ElementsKit Elementor Addons and Templates 3.2.6
ElementsKit Elementor Addons and Templates 3.2.7

Improper limitation of a pathname to a restricted directory

Skrevet den 29. april 202518. oktober 2025 af i Magento

An improper restriction of pathname to a restricted directory allows directory traversal. A low-privileged attacker can exploit this flaw to access arbitrary files and directories outside of the intended root path. The attack requires no user interaction and changes the scope of access.

This vulnerability affects the following application versions:

Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1

Information exposure via get_megamenu_content function

Skrevet den 29. april 202518. oktober 2025 af i ElementsKit Elementor Addons and Templates

Due to a missing capability checks on the get_megamenu_content() function, unauthenticated attackers can view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items.

This vulnerability affects the following application versions:

ElementsKit Elementor Addons and Templates 2.7.0
ElementsKit Elementor Addons and Templates 2.7.2
ElementsKit Elementor Addons and Templates 2.7.3
ElementsKit Elementor Addons and Templates 2.7.4
ElementsKit Elementor Addons and Templates 2.7.5
ElementsKit Elementor Addons and Templates 2.8.0
ElementsKit Elementor Addons and Templates 2.8.1
ElementsKit Elementor Addons and Templates 2.8.5
ElementsKit Elementor Addons and Templates 2.8.6
ElementsKit Elementor Addons and Templates 2.8.7
ElementsKit Elementor Addons and Templates 2.8.8
ElementsKit Elementor Addons and Templates 2.9.0
ElementsKit Elementor Addons and Templates 2.9.1
ElementsKit Elementor Addons and Templates 2.9.2
ElementsKit Elementor Addons and Templates 3.0.0
ElementsKit Elementor Addons and Templates 3.0.1
ElementsKit Elementor Addons and Templates 3.0.2
ElementsKit Elementor Addons and Templates 3.0.3
ElementsKit Elementor Addons and Templates 3.0.4
ElementsKit Elementor Addons and Templates 3.0.5
ElementsKit Elementor Addons and Templates 3.0.6
ElementsKit Elementor Addons and Templates 3.0.7
ElementsKit Elementor Addons and Templates 3.1.0
ElementsKit Elementor Addons and Templates 3.1.1
ElementsKit Elementor Addons and Templates 3.1.2
ElementsKit Elementor Addons and Templates 3.1.3
ElementsKit Elementor Addons and Templates 3.1.4
ElementsKit Elementor Addons and Templates 3.2.0
ElementsKit Elementor Addons and Templates 3.2.1
ElementsKit Elementor Addons and Templates 3.2.2
ElementsKit Elementor Addons and Templates 3.2.3
ElementsKit Elementor Addons and Templates 3.2.4
ElementsKit Elementor Addons and Templates 3.2.5
ElementsKit Elementor Addons and Templates 3.2.6
ElementsKit Elementor Addons and Templates 3.2.7
ElementsKit Elementor Addons and Templates 3.2.8
ElementsKit Elementor Addons and Templates 3.2.9
ElementsKit Elementor Addons and Templates 3.3.0
ElementsKit Elementor Addons and Templates 3.3.1
ElementsKit Elementor Addons and Templates 3.3.2
ElementsKit Elementor Addons and Templates 3.3.3
ElementsKit Elementor Addons and Templates 3.3.4
ElementsKit Elementor Addons and Templates 3.3.5
ElementsKit Elementor Addons and Templates 3.3.6
ElementsKit Elementor Addons and Templates 3.3.7
ElementsKit Elementor Addons and Templates 3.3.8
ElementsKit Elementor Addons and Templates 3.3.9
ElementsKit Elementor Addons and Templates 3.4.0

Authenticated (contributor+) stored cross-site scripting in countdown timer

Skrevet den 29. april 2025 af i ElementsKit Elementor Addons and Templates

Stored cross-site scripting available via the countdown timer widget ekit_countdown_timer_title parameter due to insufficient input sanitization and output escaping.

This vulnerability affects the following application versions:

ElementsKit Elementor Addons and Templates 1.2.6
ElementsKit Elementor Addons and Templates 1.2.7
ElementsKit Elementor Addons and Templates 1.2.9
ElementsKit Elementor Addons and Templates 1.3.1
ElementsKit Elementor Addons and Templates 1.3.2
ElementsKit Elementor Addons and Templates 1.3.3
ElementsKit Elementor Addons and Templates 1.3.4
ElementsKit Elementor Addons and Templates 1.3.5
ElementsKit Elementor Addons and Templates 1.3.8
ElementsKit Elementor Addons and Templates 1.3.9
ElementsKit Elementor Addons and Templates 1.4.0
ElementsKit Elementor Addons and Templates 1.4.1
ElementsKit Elementor Addons and Templates 1.4.2
ElementsKit Elementor Addons and Templates 1.4.3
ElementsKit Elementor Addons and Templates 1.4.4
ElementsKit Elementor Addons and Templates 1.4.5
ElementsKit Elementor Addons and Templates 1.4.8
ElementsKit Elementor Addons and Templates 1.4.9
ElementsKit Elementor Addons and Templates 1.5.0
ElementsKit Elementor Addons and Templates 1.5.1
ElementsKit Elementor Addons and Templates 1.5.2
ElementsKit Elementor Addons and Templates 1.5.4
ElementsKit Elementor Addons and Templates 1.5.5
ElementsKit Elementor Addons and Templates 1.5.6
ElementsKit Elementor Addons and Templates 1.5.7
ElementsKit Elementor Addons and Templates 1.5.8
ElementsKit Elementor Addons and Templates 1.5.9
ElementsKit Elementor Addons and Templates 1.5.10
ElementsKit Elementor Addons and Templates 1.5.11
ElementsKit Elementor Addons and Templates 1.5.12
ElementsKit Elementor Addons and Templates 2.0.0
ElementsKit Elementor Addons and Templates 2.0.1
ElementsKit Elementor Addons and Templates 2.0.2
ElementsKit Elementor Addons and Templates 2.0.3
ElementsKit Elementor Addons and Templates 2.0.4
ElementsKit Elementor Addons and Templates 2.0.5
ElementsKit Elementor Addons and Templates 2.0.6
ElementsKit Elementor Addons and Templates 2.0.7
ElementsKit Elementor Addons and Templates 2.0.8
ElementsKit Elementor Addons and Templates 2.0.9
ElementsKit Elementor Addons and Templates 2.0.9.1
ElementsKit Elementor Addons and Templates 2.0.9.2
ElementsKit Elementor Addons and Templates 2.0.9.3
ElementsKit Elementor Addons and Templates 2.0.10
ElementsKit Elementor Addons and Templates 2.0.11
ElementsKit Elementor Addons and Templates 2.0.12
ElementsKit Elementor Addons and Templates 2.0.13
ElementsKit Elementor Addons and Templates 2.1.0
ElementsKit Elementor Addons and Templates 2.1.1
ElementsKit Elementor Addons and Templates 2.1.2
ElementsKit Elementor Addons and Templates 2.1.3
ElementsKit Elementor Addons and Templates 2.1.4
ElementsKit Elementor Addons and Templates 2.1.5
ElementsKit Elementor Addons and Templates 2.1.6
ElementsKit Elementor Addons and Templates 2.1.7
ElementsKit Elementor Addons and Templates 2.2.0
ElementsKit Elementor Addons and Templates 2.2.1
ElementsKit Elementor Addons and Templates 2.2.2
ElementsKit Elementor Addons and Templates 2.2.3
ElementsKit Elementor Addons and Templates 2.2.4
ElementsKit Elementor Addons and Templates 2.3.0
ElementsKit Elementor Addons and Templates 2.3.1
ElementsKit Elementor Addons and Templates 2.3.1.1
ElementsKit Elementor Addons and Templates 2.3.2
ElementsKit Elementor Addons and Templates 2.3.3
ElementsKit Elementor Addons and Templates 2.3.4
ElementsKit Elementor Addons and Templates 2.3.5
ElementsKit Elementor Addons and Templates 2.3.6
ElementsKit Elementor Addons and Templates 2.3.7
ElementsKit Elementor Addons and Templates 2.4.0
ElementsKit Elementor Addons and Templates 2.5.0
ElementsKit Elementor Addons and Templates 2.5.1
ElementsKit Elementor Addons and Templates 2.5.2
ElementsKit Elementor Addons and Templates 2.5.3
ElementsKit Elementor Addons and Templates 2.5.4
ElementsKit Elementor Addons and Templates 2.5.5
ElementsKit Elementor Addons and Templates 2.5.6
ElementsKit Elementor Addons and Templates 2.5.7
ElementsKit Elementor Addons and Templates 2.5.8
ElementsKit Elementor Addons and Templates 2.5.9
ElementsKit Elementor Addons and Templates 2.5.10
ElementsKit Elementor Addons and Templates 2.6.0
ElementsKit Elementor Addons and Templates 2.6.1
ElementsKit Elementor Addons and Templates 2.6.2
ElementsKit Elementor Addons and Templates 2.6.3
ElementsKit Elementor Addons and Templates 2.7.0
ElementsKit Elementor Addons and Templates 2.7.2
ElementsKit Elementor Addons and Templates 2.7.3
ElementsKit Elementor Addons and Templates 2.7.4
ElementsKit Elementor Addons and Templates 2.7.5
ElementsKit Elementor Addons and Templates 2.8.0
ElementsKit Elementor Addons and Templates 2.8.1
ElementsKit Elementor Addons and Templates 2.8.5
ElementsKit Elementor Addons and Templates 2.8.6
ElementsKit Elementor Addons and Templates 2.8.7
ElementsKit Elementor Addons and Templates 2.8.8
ElementsKit Elementor Addons and Templates 2.9.0
ElementsKit Elementor Addons and Templates 2.9.1
ElementsKit Elementor Addons and Templates 2.9.2
ElementsKit Elementor Addons and Templates 3.0.0
ElementsKit Elementor Addons and Templates 3.0.1
ElementsKit Elementor Addons and Templates 3.0.2
ElementsKit Elementor Addons and Templates 3.0.3
ElementsKit Elementor Addons and Templates 3.0.4
ElementsKit Elementor Addons and Templates 3.0.5
ElementsKit Elementor Addons and Templates 3.0.6
ElementsKit Elementor Addons and Templates 3.0.7
ElementsKit Elementor Addons and Templates 3.1.0
ElementsKit Elementor Addons and Templates 3.1.1
ElementsKit Elementor Addons and Templates 3.1.2
ElementsKit Elementor Addons and Templates 3.1.3
ElementsKit Elementor Addons and Templates 3.1.4
ElementsKit Elementor Addons and Templates 3.2.0
ElementsKit Elementor Addons and Templates 3.2.1
ElementsKit Elementor Addons and Templates 3.2.2
ElementsKit Elementor Addons and Templates 3.2.3
ElementsKit Elementor Addons and Templates 3.2.4
ElementsKit Elementor Addons and Templates 3.2.5
ElementsKit Elementor Addons and Templates 3.2.6
ElementsKit Elementor Addons and Templates 3.2.7
ElementsKit Elementor Addons and Templates 3.2.8
ElementsKit Elementor Addons and Templates 3.2.9
ElementsKit Elementor Addons and Templates 3.3.0
ElementsKit Elementor Addons and Templates 3.3.1
ElementsKit Elementor Addons and Templates 3.3.2
ElementsKit Elementor Addons and Templates 3.3.3
ElementsKit Elementor Addons and Templates 3.3.4
ElementsKit Elementor Addons and Templates 3.3.5
ElementsKit Elementor Addons and Templates 3.3.6
ElementsKit Elementor Addons and Templates 3.3.7
ElementsKit Elementor Addons and Templates 3.3.8
ElementsKit Elementor Addons and Templates 3.3.9
ElementsKit Elementor Addons and Templates 3.4.0
ElementsKit Elementor Addons and Templates 3.4.1
ElementsKit Elementor Addons and Templates 3.4.2
ElementsKit Elementor Addons and Templates 3.4.3
ElementsKit Elementor Addons and Templates 3.4.4
ElementsKit Elementor Addons and Templates 3.4.5
ElementsKit Elementor Addons and Templates 3.4.6
ElementsKit Elementor Addons and Templates 3.4.7

XSS via form ID

Skrevet den 29. april 202518. oktober 2025 af i WPForms

Added Extra validation and sanitization of form IDs passed via URL to ensure only valid forms load and block any malicious input.

This vulnerability affects the following application versions:

WPForms 1.4.7.1
WPForms 1.4.7.2
WPForms 1.4.8.1
WPForms 1.4.9
WPForms 1.5.0.1
WPForms 1.5.0.3
WPForms 1.5.0.4
WPForms 1.5.1
WPForms 1.5.1.1
WPForms 1.5.1.3
WPForms 1.5.2.1
WPForms 1.5.2.2
WPForms 1.5.2.3
WPForms 1.5.3
WPForms 1.5.3.1
WPForms 1.5.4.1
WPForms 1.5.4.2
WPForms 1.5.5
WPForms 1.5.5.1
WPForms 1.5.6
WPForms 1.5.6.2
WPForms 1.5.7
WPForms 1.5.8.2
WPForms 1.5.9.1
WPForms 1.5.9.4
WPForms 1.5.9.5
WPForms 1.6.0.1
WPForms 1.6.0.2
WPForms 1.6.1
WPForms 1.6.2.2
WPForms 1.6.2.3
WPForms 1.6.3.1
WPForms 1.6.4
WPForms 1.6.4.1
WPForms 1.6.5
WPForms 1.6.6
WPForms 1.6.7
WPForms 1.6.7.1
WPForms 1.6.7.2
WPForms 1.6.7.3
WPForms 1.6.8
WPForms 1.6.8.1
WPForms 1.6.9
WPForms 1.7.0
WPForms 1.7.1.1
WPForms 1.7.1.2
WPForms 1.7.2
WPForms 1.7.2.1
WPForms 1.7.3
WPForms 1.7.4
WPForms 1.7.4.1
WPForms 1.7.4.2
WPForms 1.7.5.1
WPForms 1.7.5.2
WPForms 1.7.5.3
WPForms 1.7.5.5
WPForms 1.7.6
WPForms 1.7.7
WPForms 1.7.7.1
WPForms 1.7.7.2
WPForms 1.7.8
WPForms 1.7.9
WPForms 1.7.9.1
WPForms 1.8.0.1
WPForms 1.8.0.2
WPForms 1.8.1.1
WPForms 1.8.1.2
WPForms 1.8.1.3
WPForms 1.8.2.1
WPForms 1.8.2.2
WPForms 1.8.2.3
WPForms 1.8.3
WPForms 1.8.3.1
WPForms 1.8.4
WPForms 1.8.4.1
WPForms 1.8.5.2
WPForms 1.8.5.3
WPForms 1.8.5.4
WPForms 1.8.6.2
WPForms 1.8.6.3
WPForms 1.8.6.4
WPForms 1.8.7.2
WPForms 1.8.8.2
WPForms 1.8.8.3
WPForms 1.8.9.1
WPForms 1.8.9.2
WPForms 1.8.9.4
WPForms 1.8.9.5
WPForms 1.8.9.6
WPForms 1.9.0.1
WPForms 1.9.0.2
WPForms 1.9.0.3
WPForms 1.9.0.4

XSS in the common app

Skrevet den 29. april 202518. oktober 2025 af i All in One SEO Pack

User input is not properly sanitized in some components that exposes to an XSS attack.

This vulnerability affects the following application versions:

All in One SEO Pack 4.0.6
All in One SEO Pack 4.0.7
All in One SEO Pack 4.0.8
All in One SEO Pack 4.0.9
All in One SEO Pack 4.0.10
All in One SEO Pack 4.0.12
All in One SEO Pack 4.0.15
All in One SEO Pack 4.0.16
All in One SEO Pack 4.0.17
All in One SEO Pack 4.0.18
All in One SEO Pack 4.1.0.1
All in One SEO Pack 4.1.0.2
All in One SEO Pack 4.1.0.3
All in One SEO Pack 4.1.1
All in One SEO Pack 4.1.1.1
All in One SEO Pack 4.1.1.2
All in One SEO Pack 4.1.2.1
All in One SEO Pack 4.1.2.2
All in One SEO Pack 4.1.2.3
All in One SEO Pack 4.1.3.1
All in One SEO Pack 4.1.3.3
All in One SEO Pack 4.1.3.4
All in One SEO Pack 4.1.4.1
All in One SEO Pack 4.1.4.2
All in One SEO Pack 4.1.4.3
All in One SEO Pack 4.1.4.4
All in One SEO Pack 4.1.4.5
All in One SEO Pack 4.1.5.1
All in One SEO Pack 4.1.5.2
All in One SEO Pack 4.1.5.3
All in One SEO Pack 4.1.6.2
All in One SEO Pack 4.1.7
All in One SEO Pack 4.1.8
All in One SEO Pack 4.1.9.1
All in One SEO Pack 4.1.9.3
All in One SEO Pack 4.1.9.4
All in One SEO Pack 4.1.10
All in One SEO Pack 4.2.0
All in One SEO Pack 4.2.1.1
All in One SEO Pack 4.2.2
All in One SEO Pack 4.2.3.1
All in One SEO Pack 4.2.4
All in One SEO Pack 4.2.5.1
All in One SEO Pack 4.2.6
All in One SEO Pack 4.2.6.1
All in One SEO Pack 4.2.7.1
All in One SEO Pack 4.2.8
All in One SEO Pack 4.2.9
All in One SEO Pack 4.3.0
All in One SEO Pack 4.3.1
All in One SEO Pack 4.3.1.1
All in One SEO Pack 4.3.2
All in One SEO Pack 4.3.3
All in One SEO Pack 4.3.4.1
All in One SEO Pack 4.3.5
All in One SEO Pack 4.3.6.1
All in One SEO Pack 4.3.7
All in One SEO Pack 4.3.8
All in One SEO Pack 4.3.9
All in One SEO Pack 4.4.0.1
All in One SEO Pack 4.4.1
All in One SEO Pack 4.4.2
All in One SEO Pack 4.4.3
All in One SEO Pack 4.4.4
All in One SEO Pack 4.4.5.1
All in One SEO Pack 4.4.6
All in One SEO Pack 4.4.7
All in One SEO Pack 4.4.7.1
All in One SEO Pack 4.4.8
All in One SEO Pack 4.4.9.1
All in One SEO Pack 4.4.9.2
All in One SEO Pack 4.5.0
All in One SEO Pack 4.5.1.1
All in One SEO Pack 4.5.2.1
All in One SEO Pack 4.5.3.1
All in One SEO Pack 4.5.4
All in One SEO Pack 4.5.5
All in One SEO Pack 4.5.6
All in One SEO Pack 4.5.7.1
All in One SEO Pack 4.5.7.2
All in One SEO Pack 4.5.7.3
All in One SEO Pack 4.5.8
All in One SEO Pack 4.5.9.1
All in One SEO Pack 4.5.9.2
All in One SEO Pack 4.6.0
All in One SEO Pack 4.6.1.1
All in One SEO Pack 4.6.2
All in One SEO Pack 4.6.3
All in One SEO Pack 4.6.4
All in One SEO Pack 4.6.5
All in One SEO Pack 4.6.6
All in One SEO Pack 4.6.7.1
All in One SEO Pack 4.6.8.1
All in One SEO Pack 4.6.9
All in One SEO Pack 4.6.9.1
All in One SEO Pack 4.7.0

Stored XSS in admin wizard step allows execution of arbitrary scripts

Skrevet den 29. april 202518. oktober 2025 af i Rank Math SEO

An authenticated user can inject JavaScript into a wizard input field, which is later executed when another user views the affected step, leading to potential session hijacking or privilege abuse.

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218

Missing capability check allows unauthorized access to image details

Skrevet den 15. april 202518. oktober 2025 af i Elementor Website Builder

The AJAX function responsible for retrieving image details lacks a proper capability check, allowing unauthorized users to access image metadata without the necessary permissions

This vulnerability affects the following application versions:

Elementor Website Builder 2.1.0
Elementor Website Builder 2.1.0-beta1
Elementor Website Builder 2.1.0-beta2
Elementor Website Builder 2.1.0-beta3
Elementor Website Builder 2.1.1
Elementor Website Builder 2.1.2
Elementor Website Builder 2.1.3
Elementor Website Builder 2.1.4
Elementor Website Builder 2.1.5
Elementor Website Builder 2.1.6
Elementor Website Builder 2.1.7
Elementor Website Builder 2.1.8
Elementor Website Builder 2.2.0
Elementor Website Builder 2.2.0-beta1
Elementor Website Builder 2.2.0-beta2
Elementor Website Builder 2.2.0-beta3
Elementor Website Builder 2.2.1
Elementor Website Builder 2.2.2
Elementor Website Builder 2.2.3
Elementor Website Builder 2.2.4
Elementor Website Builder 2.2.5
Elementor Website Builder 2.2.6
Elementor Website Builder 2.2.7
Elementor Website Builder 2.3.0
Elementor Website Builder 2.3.0-beta1
Elementor Website Builder 2.3.0-beta2
Elementor Website Builder 2.3.0-beta3
Elementor Website Builder 2.3.0-beta4
Elementor Website Builder 2.3.0-beta5
Elementor Website Builder 2.3.1
Elementor Website Builder 2.3.2
Elementor Website Builder 2.3.3
Elementor Website Builder 2.3.4
Elementor Website Builder 2.3.5
Elementor Website Builder 2.3.6
Elementor Website Builder 2.3.7
Elementor Website Builder 2.3.8
Elementor Website Builder 2.4.0
Elementor Website Builder 2.4.0-beta1
Elementor Website Builder 2.4.0-beta2
Elementor Website Builder 2.4.0-beta3
Elementor Website Builder 2.4.0-beta4
Elementor Website Builder 2.4.1
Elementor Website Builder 2.4.2
Elementor Website Builder 2.4.3
Elementor Website Builder 2.4.4
Elementor Website Builder 2.4.5
Elementor Website Builder 2.4.6
Elementor Website Builder 2.4.7
Elementor Website Builder 2.5.0
Elementor Website Builder 2.5.0-beta1
Elementor Website Builder 2.5.0-beta2
Elementor Website Builder 2.5.0-beta3
Elementor Website Builder 2.5.0-beta4
Elementor Website Builder 2.5.1
Elementor Website Builder 2.5.2
Elementor Website Builder 2.5.3
Elementor Website Builder 2.5.4
Elementor Website Builder 2.5.5
Elementor Website Builder 2.5.6
Elementor Website Builder 2.5.7
Elementor Website Builder 2.5.8
Elementor Website Builder 2.5.9
Elementor Website Builder 2.5.10
Elementor Website Builder 2.5.11
Elementor Website Builder 2.5.12
Elementor Website Builder 2.5.13
Elementor Website Builder 2.5.14
Elementor Website Builder 2.5.15
Elementor Website Builder 2.5.16
Elementor Website Builder 2.6.0
Elementor Website Builder 2.6.0-beta1
Elementor Website Builder 2.6.0-beta2
Elementor Website Builder 2.6.0-beta3
Elementor Website Builder 2.6.1
Elementor Website Builder 2.6.2
Elementor Website Builder 2.6.3
Elementor Website Builder 2.6.4
Elementor Website Builder 2.6.5
Elementor Website Builder 2.6.6
Elementor Website Builder 2.6.7
Elementor Website Builder 2.6.8
Elementor Website Builder 2.7.0
Elementor Website Builder 2.7.0-beta1
Elementor Website Builder 2.7.0-beta2
Elementor Website Builder 2.7.0-beta3
Elementor Website Builder 2.7.0-beta4
Elementor Website Builder 2.7.1
Elementor Website Builder 2.7.2
Elementor Website Builder 2.7.3
Elementor Website Builder 2.7.4
Elementor Website Builder 2.7.5
Elementor Website Builder 2.7.6
Elementor Website Builder 2.8.0
Elementor Website Builder 2.8.0-beta1
Elementor Website Builder 2.8.0-beta2
Elementor Website Builder 2.8.0-beta3
Elementor Website Builder 2.8.0-beta4
Elementor Website Builder 2.8.1
Elementor Website Builder 2.8.2
Elementor Website Builder 2.8.3
Elementor Website Builder 2.8.4
Elementor Website Builder 2.8.5
Elementor Website Builder 2.9.0
Elementor Website Builder 2.9.0-beta1
Elementor Website Builder 2.9.0-beta2
Elementor Website Builder 2.9.0-beta3
Elementor Website Builder 2.9.0-beta4
Elementor Website Builder 2.9.0-beta5
Elementor Website Builder 2.9.1
Elementor Website Builder 2.9.2
Elementor Website Builder 2.9.3
Elementor Website Builder 2.9.4
Elementor Website Builder 2.9.5
Elementor Website Builder 2.9.6
Elementor Website Builder 2.9.7
Elementor Website Builder 2.9.8
Elementor Website Builder 2.9.9
Elementor Website Builder 2.9.10
Elementor Website Builder 2.9.11
Elementor Website Builder 2.9.12
Elementor Website Builder 2.9.13
Elementor Website Builder 2.9.14
Elementor Website Builder 3.0.0
Elementor Website Builder 3.0.0-beta1
Elementor Website Builder 3.0.0-beta2
Elementor Website Builder 3.0.0-beta3
Elementor Website Builder 3.0.0-beta4
Elementor Website Builder 3.0.0-beta5
Elementor Website Builder 3.0.0-beta6
Elementor Website Builder 3.0.1
Elementor Website Builder 3.0.2
Elementor Website Builder 3.0.3
Elementor Website Builder 3.0.4
Elementor Website Builder 3.0.5
Elementor Website Builder 3.0.6
Elementor Website Builder 3.0.7
Elementor Website Builder 3.0.8
Elementor Website Builder 3.0.8.1
Elementor Website Builder 3.0.9
Elementor Website Builder 3.0.10
Elementor Website Builder 3.0.11
Elementor Website Builder 3.0.12
Elementor Website Builder 3.0.13
Elementor Website Builder 3.0.14
Elementor Website Builder 3.0.15
Elementor Website Builder 3.0.16
Elementor Website Builder 3.1.0
Elementor Website Builder 3.1.0-beta1
Elementor Website Builder 3.1.0-beta2
Elementor Website Builder 3.1.0-beta3
Elementor Website Builder 3.1.0-beta4
Elementor Website Builder 3.1.0-dev1
Elementor Website Builder 3.1.0-dev2
Elementor Website Builder 3.1.0-dev3
Elementor Website Builder 3.1.0-dev4
Elementor Website Builder 3.1.1
Elementor Website Builder 3.1.2
Elementor Website Builder 3.1.3
Elementor Website Builder 3.1.4
Elementor Website Builder 3.2.0
Elementor Website Builder 3.2.0-beta1
Elementor Website Builder 3.2.0-beta2
Elementor Website Builder 3.2.0-beta3
Elementor Website Builder 3.2.0-beta4
Elementor Website Builder 3.2.0-dev1
Elementor Website Builder 3.2.0-dev2
Elementor Website Builder 3.2.0-dev3
Elementor Website Builder 3.2.0-dev4
Elementor Website Builder 3.2.0-dev5
Elementor Website Builder 3.2.0-dev6
Elementor Website Builder 3.2.0-dev7
Elementor Website Builder 3.2.0-dev8
Elementor Website Builder 3.2.1
Elementor Website Builder 3.2.2
Elementor Website Builder 3.2.3
Elementor Website Builder 3.2.4
Elementor Website Builder 3.2.5
Elementor Website Builder 3.3.0
Elementor Website Builder 3.3.0-beta1
Elementor Website Builder 3.3.0-beta2
Elementor Website Builder 3.3.0-beta3
Elementor Website Builder 3.3.0-beta4
Elementor Website Builder 3.3.0-beta5
Elementor Website Builder 3.3.0-dev1
Elementor Website Builder 3.3.0-dev2
Elementor Website Builder 3.3.0-dev3
Elementor Website Builder 3.3.0-dev4
Elementor Website Builder 3.3.0-dev5
Elementor Website Builder 3.3.0-dev6
Elementor Website Builder 3.3.0-dev7
Elementor Website Builder 3.3.0-dev8
Elementor Website Builder 3.3.0-dev9
Elementor Website Builder 3.3.0-dev10
Elementor Website Builder 3.3.0-dev11
Elementor Website Builder 3.3.0-dev12
Elementor Website Builder 3.3.0-dev13
Elementor Website Builder 3.3.0-dev14
Elementor Website Builder 3.3.0-dev15
Elementor Website Builder 3.3.1
Elementor Website Builder 3.4.0
Elementor Website Builder 3.4.0-beta1
Elementor Website Builder 3.4.0-beta2
Elementor Website Builder 3.4.0-beta3
Elementor Website Builder 3.4.0-beta4
Elementor Website Builder 3.4.0-beta5
Elementor Website Builder 3.4.0-dev1
Elementor Website Builder 3.4.0-dev2
Elementor Website Builder 3.4.0-dev3
Elementor Website Builder 3.4.0-dev4
Elementor Website Builder 3.4.0-dev5
Elementor Website Builder 3.4.0-dev6
Elementor Website Builder 3.4.0-dev7
Elementor Website Builder 3.4.0-dev8
Elementor Website Builder 3.4.0-dev9
Elementor Website Builder 3.4.0-dev10
Elementor Website Builder 3.4.0-dev11
Elementor Website Builder 3.4.0-dev12
Elementor Website Builder 3.4.0-dev13
Elementor Website Builder 3.4.1
Elementor Website Builder 3.4.2
Elementor Website Builder 3.4.3
Elementor Website Builder 3.4.4
Elementor Website Builder 3.4.5
Elementor Website Builder 3.4.6
Elementor Website Builder 3.4.7
Elementor Website Builder 3.4.8
Elementor Website Builder 3.5.0
Elementor Website Builder 3.5.0-beta1
Elementor Website Builder 3.5.0-beta2
Elementor Website Builder 3.5.0-beta3
Elementor Website Builder 3.5.0-beta4
Elementor Website Builder 3.5.0-beta5
Elementor Website Builder 3.5.0-beta7
Elementor Website Builder 3.5.0-beta8
Elementor Website Builder 3.5.0-dev1
Elementor Website Builder 3.5.0-dev2
Elementor Website Builder 3.5.0-dev3
Elementor Website Builder 3.5.0-dev4
Elementor Website Builder 3.5.0-dev5
Elementor Website Builder 3.5.0-dev6
Elementor Website Builder 3.5.0-dev7
Elementor Website Builder 3.5.0-dev8
Elementor Website Builder 3.5.0-dev9
Elementor Website Builder 3.5.0-dev10
Elementor Website Builder 3.5.0-dev11
Elementor Website Builder 3.5.0-dev12
Elementor Website Builder 3.5.0-dev13
Elementor Website Builder 3.5.0-dev14
Elementor Website Builder 3.5.0-dev15
Elementor Website Builder 3.5.0-dev16
Elementor Website Builder 3.5.0-dev17
Elementor Website Builder 3.5.0-dev18
Elementor Website Builder 3.5.0-dev19
Elementor Website Builder 3.5.0-dev20
Elementor Website Builder 3.5.0-dev21
Elementor Website Builder 3.5.0-dev22
Elementor Website Builder 3.5.0-dev23
Elementor Website Builder 3.5.0-dev24
Elementor Website Builder 3.5.0-dev25
Elementor Website Builder 3.5.0-dev26
Elementor Website Builder 3.5.0-dev27
Elementor Website Builder 3.5.0-dev28
Elementor Website Builder 3.5.0-dev29
Elementor Website Builder 3.5.0-dev30
Elementor Website Builder 3.5.0-dev31
Elementor Website Builder 3.5.0-dev32
Elementor Website Builder 3.5.0-dev33
Elementor Website Builder 3.5.0-dev34
Elementor Website Builder 3.5.0-dev35
Elementor Website Builder 3.5.0-dev36
Elementor Website Builder 3.5.0-dev37
Elementor Website Builder 3.5.0-dev38
Elementor Website Builder 3.5.0-dev39
Elementor Website Builder 3.5.0-dev40
Elementor Website Builder 3.5.0-dev41
Elementor Website Builder 3.5.0-dev42
Elementor Website Builder 3.5.0-dev43
Elementor Website Builder 3.5.0-dev44
Elementor Website Builder 3.5.0-dev45
Elementor Website Builder 3.5.0-dev46
Elementor Website Builder 3.5.0-dev47
Elementor Website Builder 3.5.0-dev48
Elementor Website Builder 3.5.0-dev49
Elementor Website Builder 3.5.0-dev50
Elementor Website Builder 3.5.0-dev51
Elementor Website Builder 3.5.1
Elementor Website Builder 3.5.2
Elementor Website Builder 3.5.3
Elementor Website Builder 3.5.4
Elementor Website Builder 3.5.5
Elementor Website Builder 3.5.6
Elementor Website Builder 3.6.0
Elementor Website Builder 3.6.0-beta1
Elementor Website Builder 3.6.0-beta2
Elementor Website Builder 3.6.0-beta3
Elementor Website Builder 3.6.0-beta4
Elementor Website Builder 3.6.0-beta5
Elementor Website Builder 3.6.0-dev1
Elementor Website Builder 3.6.0-dev2
Elementor Website Builder 3.6.0-dev3
Elementor Website Builder 3.6.0-dev4
Elementor Website Builder 3.6.0-dev5
Elementor Website Builder 3.6.0-dev6
Elementor Website Builder 3.6.0-dev7
Elementor Website Builder 3.6.0-dev8
Elementor Website Builder 3.6.0-dev9
Elementor Website Builder 3.6.0-dev10
Elementor Website Builder 3.6.0-dev11
Elementor Website Builder 3.6.0-dev13
Elementor Website Builder 3.6.0-dev14
Elementor Website Builder 3.6.0-dev16
Elementor Website Builder 3.6.0-dev17
Elementor Website Builder 3.6.0-dev18
Elementor Website Builder 3.6.0-dev19
Elementor Website Builder 3.6.0-dev20
Elementor Website Builder 3.6.0-dev21
Elementor Website Builder 3.6.0-dev22
Elementor Website Builder 3.6.0-dev24
Elementor Website Builder 3.6.0-dev25
Elementor Website Builder 3.6.0-dev26
Elementor Website Builder 3.6.0-dev27
Elementor Website Builder 3.6.0-dev28
Elementor Website Builder 3.6.0-dev29
Elementor Website Builder 3.6.0-dev30
Elementor Website Builder 3.6.0-dev31
Elementor Website Builder 3.6.0-dev32
Elementor Website Builder 3.6.0-dev33
Elementor Website Builder 3.6.0-dev34
Elementor Website Builder 3.6.0-dev35
Elementor Website Builder 3.6.0-dev36
Elementor Website Builder 3.6.0-dev37
Elementor Website Builder 3.6.0-dev38
Elementor Website Builder 3.6.0-dev39
Elementor Website Builder 3.6.0-dev40
Elementor Website Builder 3.6.0-dev41
Elementor Website Builder 3.6.0-dev42
Elementor Website Builder 3.6.0-dev43
Elementor Website Builder 3.6.0-dev44
Elementor Website Builder 3.6.0-dev45
Elementor Website Builder 3.6.1
Elementor Website Builder 3.6.2
Elementor Website Builder 3.6.3
Elementor Website Builder 3.6.4
Elementor Website Builder 3.6.5
Elementor Website Builder 3.6.6
Elementor Website Builder 3.6.7
Elementor Website Builder 3.6.8
Elementor Website Builder 3.7.0
Elementor Website Builder 3.7.0-beta1
Elementor Website Builder 3.7.0-beta2
Elementor Website Builder 3.7.0-beta3
Elementor Website Builder 3.7.0-beta4
Elementor Website Builder 3.7.0-dev1
Elementor Website Builder 3.7.0-dev2
Elementor Website Builder 3.7.0-dev3
Elementor Website Builder 3.7.0-dev4
Elementor Website Builder 3.7.0-dev5
Elementor Website Builder 3.7.0-dev6
Elementor Website Builder 3.7.0-dev7
Elementor Website Builder 3.7.0-dev8
Elementor Website Builder 3.7.0-dev9
Elementor Website Builder 3.7.0-dev10
Elementor Website Builder 3.7.1
Elementor Website Builder 3.7.2
Elementor Website Builder 3.7.3
Elementor Website Builder 3.7.4
Elementor Website Builder 3.7.5
Elementor Website Builder 3.7.6
Elementor Website Builder 3.7.7
Elementor Website Builder 3.7.8
Elementor Website Builder 3.8.0
Elementor Website Builder 3.8.0-beta1
Elementor Website Builder 3.8.0-beta2
Elementor Website Builder 3.8.0-beta3
Elementor Website Builder 3.8.0-beta4
Elementor Website Builder 3.8.0-beta5
Elementor Website Builder 3.8.0-beta6
Elementor Website Builder 3.8.0-dev1
Elementor Website Builder 3.8.0-dev2
Elementor Website Builder 3.8.0-dev3
Elementor Website Builder 3.8.0-dev4
Elementor Website Builder 3.8.1
Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev1
Elementor Website Builder 3.9.0-dev2
Elementor Website Builder 3.9.0-dev3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3

Missing authorization to authenticated (contributor+) arbitrary schema deletion

Skrevet den 15. april 202518. oktober 2025 af i Rank Math SEO

Due to a missing capability check in the update_metadata() function, authenticated attackers with Contributor-level access or higher can exploit this vulnerability to delete schema metadata assigned to any post. This flaw may lead to unauthorized data loss and compromise the integrity of structured content across the site.

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218
Rank Math SEO 1.0.219
Rank Math SEO 1.0.220
Rank Math SEO 1.0.221
Rank Math SEO 1.0.222
Rank Math SEO 1.0.223
Rank Math SEO 1.0.224
Rank Math SEO 1.0.225
Rank Math SEO 1.0.226
Rank Math SEO 1.0.227
Rank Math SEO 1.0.227.1
Rank Math SEO 1.0.228
Rank Math SEO 1.0.229
Rank Math SEO 1.0.230
Rank Math SEO 1.0.231
Rank Math SEO 1.0.232
Rank Math SEO 1.0.233
Rank Math SEO 1.0.234
Rank Math SEO 1.0.234.1
Rank Math SEO 1.0.235

Unauthenticated privilege escalation via is_role_simulation()

Skrevet den 15. april 202518. oktober 2025 af i LiteSpeed Cache

The is_role_simulation() function lacks proper authorization checks, allowing unauthenticated attackers to simulate privileged roles (e.g., Administrator), potentially granting them elevated access to the site.

This vulnerability affects the following application versions:

LiteSpeed Cache 4.0
LiteSpeed Cache 4.1
LiteSpeed Cache 4.2
LiteSpeed Cache 4.3
LiteSpeed Cache 4.4
LiteSpeed Cache 4.4.1
LiteSpeed Cache 4.4.2
LiteSpeed Cache 4.4.3
LiteSpeed Cache 4.4.4
LiteSpeed Cache 4.4.5
LiteSpeed Cache 4.4.6
LiteSpeed Cache 4.4.7
LiteSpeed Cache 4.5
LiteSpeed Cache 4.5.0.1
LiteSpeed Cache 4.6
LiteSpeed Cache 5.0
LiteSpeed Cache 5.0.0.1
LiteSpeed Cache 5.0.1
LiteSpeed Cache 5.1
LiteSpeed Cache 5.2
LiteSpeed Cache 5.2.1
LiteSpeed Cache 5.3
LiteSpeed Cache 5.3.1
LiteSpeed Cache 5.3.2
LiteSpeed Cache 5.3.3
LiteSpeed Cache 5.4
LiteSpeed Cache 5.5
LiteSpeed Cache 5.5.1
LiteSpeed Cache 5.6
LiteSpeed Cache 5.7
LiteSpeed Cache 5.7.0.1
LiteSpeed Cache 6.0
LiteSpeed Cache 6.0.0.1
LiteSpeed Cache 6.1
LiteSpeed Cache 6.2
LiteSpeed Cache 6.2.0.1
LiteSpeed Cache 6.3
LiteSpeed Cache 6.3.0.1
LiteSpeed Cache 6.4
LiteSpeed Cache 6.4.1
LiteSpeed Cache 6.5
LiteSpeed Cache 6.5.0.1
LiteSpeed Cache 6.5.0.2
LiteSpeed Cache 6.5.1

Improved Permission Checks in Admin API Endpoints

Skrevet den 15. april 20255. marts 2026 af i WooCommerce

This security update strengthens permission validation in several WooCommerce Admin API endpoints by ensuring that only authorized users can perform sensitive actions such as updating settings or deleting data via batch operations. The changes introduce explicit current_user_can() checks to prevent potential unauthorized access and align with WordPress capability standards.

This vulnerability affects the following application versions:

WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7.0-rc.1
WooCommerce 3.7.0-rc.2
WooCommerce 3.7.1
WooCommerce 3.7.2
WooCommerce 3.7.3
WooCommerce 3.8.0
WooCommerce 3.8.0-beta.1
WooCommerce 3.8.0-rc.1
WooCommerce 3.8.0-rc.2
WooCommerce 3.8.1
WooCommerce 3.8.2
WooCommerce 3.8.3
WooCommerce 3.9.0
WooCommerce 3.9.0-beta.1
WooCommerce 3.9.0-beta.2
WooCommerce 3.9.0-rc.1
WooCommerce 3.9.0-rc.2
WooCommerce 3.9.0-rc.3
WooCommerce 3.9.0-rc.4
WooCommerce 3.9.1
WooCommerce 3.9.2
WooCommerce 3.9.3
WooCommerce 3.9.4
WooCommerce 3.9.5
WooCommerce 4.0.0
WooCommerce 4.0.0-beta.1
WooCommerce 4.0.0-rc.1
WooCommerce 4.0.0-rc.2
WooCommerce 4.0.1
WooCommerce 4.0.2
WooCommerce 4.0.3
WooCommerce 4.0.4
WooCommerce 4.1.0
WooCommerce 4.1.0-beta.1
WooCommerce 4.1.0-beta.2
WooCommerce 4.1.0-rc.1
WooCommerce 4.1.0-rc.2
WooCommerce 4.1.0-rc.3
WooCommerce 4.1.1
WooCommerce 4.1.2
WooCommerce 4.1.2.1
WooCommerce 4.1.3
WooCommerce 4.1.4
WooCommerce 4.2.0
WooCommerce 4.2.0-beta.1
WooCommerce 4.2.0-RC.1
WooCommerce 4.2.0-RC.2
WooCommerce 4.2.1
WooCommerce 4.2.2
WooCommerce 4.2.3
WooCommerce 4.2.3.1
WooCommerce 4.2.4
WooCommerce 4.2.5
WooCommerce 4.3.0
WooCommerce 4.3.0-beta.1
WooCommerce 4.3.0-rc.1
WooCommerce 4.3.0-rc.2
WooCommerce 4.3.0-rc.3
WooCommerce 4.3.1
WooCommerce 4.3.2
WooCommerce 4.3.3
WooCommerce 4.3.4
WooCommerce 4.3.4.1
WooCommerce 4.3.5
WooCommerce 4.3.6
WooCommerce 4.4.0
WooCommerce 4.4.0-beta.1
WooCommerce 4.4.0-rc.1
WooCommerce 4.4.1
WooCommerce 4.4.2
WooCommerce 4.4.2.1
WooCommerce 4.4.3
WooCommerce 4.4.4
WooCommerce 4.5.0
WooCommerce 4.5.0-beta.1
WooCommerce 4.5.0-rc.1
WooCommerce 4.5.0-rc.2
WooCommerce 4.5.0-rc.3
WooCommerce 4.5.1
WooCommerce 4.5.2
WooCommerce 4.5.3
WooCommerce 4.5.3.1
WooCommerce 4.5.4
WooCommerce 4.5.5
WooCommerce 4.6.0
WooCommerce 4.6.0-beta.1
WooCommerce 4.6.0-rc.1
WooCommerce 4.6.1
WooCommerce 4.6.2
WooCommerce 4.6.3
WooCommerce 4.6.3.1
WooCommerce 4.6.4
WooCommerce 4.6.5
WooCommerce 4.7.0
WooCommerce 4.7.0-beta.1
WooCommerce 4.7.0-beta.2
WooCommerce 4.7.0-rc.1
WooCommerce 4.7.1
WooCommerce 4.7.1-beta.1
WooCommerce 4.7.2
WooCommerce 4.7.3
WooCommerce 4.7.4
WooCommerce 4.8.0
WooCommerce 4.8.0-beta.1
WooCommerce 4.8.0-rc.1
WooCommerce 4.8.0-rc.2
WooCommerce 4.8.1
WooCommerce 4.8.2
WooCommerce 4.8.3
WooCommerce 4.9.0
WooCommerce 4.9.0-beta.1
WooCommerce 4.9.0-rc.1
WooCommerce 4.9.0-rc.2
WooCommerce 4.9.1
WooCommerce 4.9.2
WooCommerce 4.9.3
WooCommerce 4.9.4
WooCommerce 4.9.5
WooCommerce 5.0.0
WooCommerce 5.0.0-beta.1
WooCommerce 5.0.0-beta.2
WooCommerce 5.0.0-rc.1
WooCommerce 5.0.0-rc.2
WooCommerce 5.0.0-rc.3
WooCommerce 5.0.1
WooCommerce 5.0.2
WooCommerce 5.0.3
WooCommerce 5.1.0
WooCommerce 5.1.0-beta.1
WooCommerce 5.1.0-rc.1
WooCommerce 5.1.1
WooCommerce 5.1.2
WooCommerce 5.1.3
WooCommerce 5.2.0
WooCommerce 5.2.0-beta.1
WooCommerce 5.2.0-rc.1
WooCommerce 5.2.0-rc.2
WooCommerce 5.2.1
WooCommerce 5.2.2
WooCommerce 5.2.3
WooCommerce 5.2.4
WooCommerce 5.2.5
WooCommerce 5.3.0
WooCommerce 5.3.0-beta.1
WooCommerce 5.3.0-rc.1
WooCommerce 5.3.0-rc.2
WooCommerce 5.3.1
WooCommerce 5.3.2
WooCommerce 5.3.3
WooCommerce 5.4.0
WooCommerce 5.4.0-beta.1
WooCommerce 5.4.0-rc.1
WooCommerce 5.4.1
WooCommerce 5.4.2
WooCommerce 5.4.3
WooCommerce 5.4.4
WooCommerce 5.4.5
WooCommerce 5.5.0
WooCommerce 5.5.0-beta.1
WooCommerce 5.5.0-rc.1
WooCommerce 5.5.0-rc.2
WooCommerce 5.5.1
WooCommerce 5.5.2
WooCommerce 5.5.3
WooCommerce 5.5.4
WooCommerce 5.5.5
WooCommerce 5.6.0
WooCommerce 5.6.0-beta.1
WooCommerce 5.6.0-rc.1
WooCommerce 5.6.0-rc.2
WooCommerce 5.6.1
WooCommerce 5.6.2
WooCommerce 5.6.3
WooCommerce 5.7.0
WooCommerce 5.7.0-beta.1
WooCommerce 5.7.0-rc.1
WooCommerce 5.7.0-rc.2
WooCommerce 5.7.1
WooCommerce 5.7.2
WooCommerce 5.7.3
WooCommerce 5.8.0
WooCommerce 5.8.0-beta.1
WooCommerce 5.8.0-beta.2
WooCommerce 5.8.0-rc.1
WooCommerce 5.8.1
WooCommerce 5.8.2
WooCommerce 5.9.0
WooCommerce 5.9.0-beta.1
WooCommerce 5.9.0-rc.1
WooCommerce 5.9.0-rc.2
WooCommerce 5.9.0-RC.1
WooCommerce 5.9.1
WooCommerce 5.9.2
WooCommerce 6.0.0
WooCommerce 6.0.0-beta.1
WooCommerce 6.0.0-rc.1
WooCommerce 6.0.1
WooCommerce 6.0.2
WooCommerce 6.1.0
WooCommerce 6.1.0-beta.1
WooCommerce 6.1.0-rc.1
WooCommerce 6.1.0-rc.2
WooCommerce 6.1.1
WooCommerce 6.1.2
WooCommerce 6.1.3
WooCommerce 6.2.0
WooCommerce 6.2.0-beta.1
WooCommerce 6.2.0-rc.1
WooCommerce 6.2.0-rc.2
WooCommerce 6.2.1
WooCommerce 6.2.2
WooCommerce 6.2.3
WooCommerce 6.3.0
WooCommerce 6.3.0-beta.1
WooCommerce 6.3.0-rc.1
WooCommerce 6.3.0-rc.2
WooCommerce 6.3.1
WooCommerce 6.3.2
WooCommerce 6.4.0
WooCommerce 6.4.0-beta.1
WooCommerce 6.4.0-rc.1
WooCommerce 6.4.1
WooCommerce 6.4.2
WooCommerce 6.5.0
WooCommerce 6.5.0-beta.1
WooCommerce 6.5.0-rc.1
WooCommerce 6.5.0-rc.2
WooCommerce 6.5.1
WooCommerce 6.5.2
WooCommerce 6.6.0
WooCommerce 6.6.0-beta.1
WooCommerce 6.6.0-rc.1
WooCommerce 6.6.0-rc.2
WooCommerce 6.6.1
WooCommerce 6.6.2
WooCommerce 6.7.0
WooCommerce 6.7.0-beta.1
WooCommerce 6.7.0-beta.2
WooCommerce 6.7.0-rc.1
WooCommerce 6.7.1
WooCommerce 6.8.0
WooCommerce 6.8.0-beta.1
WooCommerce 6.8.0-beta.2
WooCommerce 6.8.0-rc.1
WooCommerce 6.8.1
WooCommerce 6.8.2
WooCommerce 6.8.3
WooCommerce 6.9.0
WooCommerce 6.9.0-beta.1
WooCommerce 6.9.0-beta.2
WooCommerce 6.9.0-rc.1
WooCommerce 6.9.1
WooCommerce 6.9.2
WooCommerce 6.9.3
WooCommerce 6.9.4
WooCommerce 6.9.5
WooCommerce 7.0.0
WooCommerce 7.0.0-beta.1
WooCommerce 7.0.0-beta.2
WooCommerce 7.0.0-beta.3
WooCommerce 7.0.0-rc.1
WooCommerce 7.0.0-rc.2
WooCommerce 7.0.1
WooCommerce 7.0.2
WooCommerce 7.1.0
WooCommerce 7.1.0-beta.1
WooCommerce 7.1.0-beta.2
WooCommerce 7.1.0-rc.1
WooCommerce 7.1.0-rc.2
WooCommerce 7.1.1
WooCommerce 7.1.2
WooCommerce 7.2.0
WooCommerce 7.2.0-beta.1
WooCommerce 7.2.0-beta.2
WooCommerce 7.2.0-rc.1
WooCommerce 7.2.0-rc.2
WooCommerce 7.2.1
WooCommerce 7.2.2
WooCommerce 7.2.3
WooCommerce 7.2.4
WooCommerce 7.3.0
WooCommerce 7.3.0-beta.1
WooCommerce 7.3.0-beta.2
WooCommerce 7.3.0-rc.1
WooCommerce 7.3.0-rc.2
WooCommerce 7.3.1
WooCommerce 7.4.0
WooCommerce 7.4.0-beta.1
WooCommerce 7.4.0-beta.2
WooCommerce 7.4.0-rc.1
WooCommerce 7.4.0-rc.2
WooCommerce 7.4.1
WooCommerce 7.4.2
WooCommerce 7.5.0
WooCommerce 7.5.0-beta.1
WooCommerce 7.5.0-beta.2
WooCommerce 7.5.0-rc.1
WooCommerce 7.5.1
WooCommerce 7.5.2
WooCommerce 7.6.0
WooCommerce 7.6.0-beta.1
WooCommerce 7.6.0-beta.2
WooCommerce 7.6.0-rc.1
WooCommerce 7.6.0-rc.2
WooCommerce 7.6.0-rc.3
WooCommerce 7.6.1
WooCommerce 7.6.2
WooCommerce 7.7.0
WooCommerce 7.7.0-beta.1
WooCommerce 7.7.0-beta.2
WooCommerce 7.7.0-rc.1
WooCommerce 7.7.1
WooCommerce 7.7.2
WooCommerce 7.7.3
WooCommerce 7.8.0
WooCommerce 7.8.0-beta.1
WooCommerce 7.8.0-beta.2
WooCommerce 7.8.0-rc.1
WooCommerce 7.8.0-rc.2
WooCommerce 7.8.1
WooCommerce 7.8.2
WooCommerce 7.8.3
WooCommerce 7.8.4
WooCommerce 7.9.0
WooCommerce 7.9.0-beta.1
WooCommerce 7.9.0-beta.2
WooCommerce 7.9.0-rc.2
WooCommerce 7.9.0-rc.3
WooCommerce 7.9.1
WooCommerce 7.9.2
WooCommerce 8.0.0
WooCommerce 8.0.0-beta.1
WooCommerce 8.0.0-beta.2
WooCommerce 8.0.0-rc.1
WooCommerce 8.0.0-rc.2
WooCommerce 8.0.1
WooCommerce 8.0.2
WooCommerce 8.0.3
WooCommerce 8.0.4
WooCommerce 8.0.5
WooCommerce 8.1.0
WooCommerce 8.1.0-a.3
WooCommerce 8.1.0-a.4
WooCommerce 8.1.0-a.5
WooCommerce 8.1.0-beta.1
WooCommerce 8.1.0-rc.1
WooCommerce 8.1.0-rc.2
WooCommerce 8.1.1
WooCommerce 8.1.2
WooCommerce 8.1.3
WooCommerce 8.1.4
WooCommerce 8.2.0
WooCommerce 8.2.0-a.1
WooCommerce 8.2.0-beta.1
WooCommerce 8.2.0-rc.1
WooCommerce 8.2.0-rc.2
WooCommerce 8.2.1
WooCommerce 8.2.2
WooCommerce 8.2.3
WooCommerce 8.2.4
WooCommerce 8.2.5
WooCommerce 8.3.0
WooCommerce 8.3.0-beta.1
WooCommerce 8.3.0-rc.1
WooCommerce 8.3.0-rc.2
WooCommerce 8.3.1
WooCommerce 8.3.2
WooCommerce 8.3.3
WooCommerce 8.3.4
WooCommerce 8.4.0
WooCommerce 8.4.0-beta.1
WooCommerce 8.4.0-rc.1
WooCommerce 8.4.1
WooCommerce 8.4.2
WooCommerce 8.4.3
WooCommerce 8.5.0
WooCommerce 8.5.0-beta.1
WooCommerce 8.5.0-rc.1
WooCommerce 8.5.1
WooCommerce 8.5.2
WooCommerce 8.5.3
WooCommerce 8.5.4
WooCommerce 8.5.5
WooCommerce 8.6.0
WooCommerce 8.6.0-beta.1
WooCommerce 8.6.0-rc.1
WooCommerce 8.6.1
WooCommerce 8.6.2
WooCommerce 8.6.3
WooCommerce 8.6.4
WooCommerce 8.7.0
WooCommerce 8.7.0-beta.1
WooCommerce 8.7.0-beta.2
WooCommerce 8.7.0-rc.1
WooCommerce 8.7.1
WooCommerce 8.7.2
WooCommerce 8.7.3
WooCommerce 8.8.0
WooCommerce 8.8.0-beta.1
WooCommerce 8.8.0-rc.1
WooCommerce 8.8.1
WooCommerce 8.8.2
WooCommerce 8.8.3
WooCommerce 8.8.4
WooCommerce 8.8.5
WooCommerce 8.8.6
WooCommerce 8.8.7
WooCommerce 8.9.0
WooCommerce 8.9.0-beta.1
WooCommerce 8.9.0-rc.1
WooCommerce 8.9.1
WooCommerce 8.9.2
WooCommerce 8.9.3
WooCommerce 8.9.4
WooCommerce 8.9.5
WooCommerce 9.0.0
WooCommerce 9.0.0-beta.1
WooCommerce 9.0.0-beta.2
WooCommerce 9.0.0-rc.1
WooCommerce 9.0.1
WooCommerce 9.0.2
WooCommerce 9.0.3
WooCommerce 9.0.4
WooCommerce 9.1.0
WooCommerce 9.1.0-beta.1
WooCommerce 9.1.0-rc.1
WooCommerce 9.1.1
WooCommerce 9.1.2
WooCommerce 9.1.3
WooCommerce 9.1.4
WooCommerce 9.1.5
WooCommerce 9.1.6
WooCommerce 9.2.0
WooCommerce 9.2.0-beta.1
WooCommerce 9.2.0-rc.1
WooCommerce 9.2.1
WooCommerce 9.2.2
WooCommerce 9.2.3
WooCommerce 9.2.4
WooCommerce 9.2.5
WooCommerce 9.3.0
WooCommerce 9.3.0-beta.1
WooCommerce 9.3.0-rc.1
WooCommerce 9.3.1
WooCommerce 9.3.2
WooCommerce 9.3.3
WooCommerce 9.3.4
WooCommerce 9.3.5
WooCommerce 9.3.6
WooCommerce 9.4.0
WooCommerce 9.4.0-beta.1
WooCommerce 9.4.0-beta.2
WooCommerce 9.4.0-rc.1
WooCommerce 9.4.0-rc.2
WooCommerce 9.4.0-rc.3
WooCommerce 9.4.0-rc.4
WooCommerce 9.4.1
WooCommerce 9.4.2
WooCommerce 9.4.3
WooCommerce 9.4.4
WooCommerce 9.4.5
WooCommerce 9.5.0
WooCommerce 9.5.0-beta.1
WooCommerce 9.5.0-beta.2
WooCommerce 9.5.0-rc.1
WooCommerce 9.5.1
WooCommerce 9.6.0-beta.1
WooCommerce 9.6.0-beta.2

Improved code security enforcement in icon widget

Skrevet den 14. april 202518. oktober 2025 af i Elementor Website Builder

This vulnerability affects the following application versions:

Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7

MFA authentication bypass

Skrevet den 11. april 202518. oktober 2025 af i Joomla

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5
Joomla 3.9.6
Joomla 3.9.7
Joomla 3.9.8
Joomla 3.9.9
Joomla 3.9.10
Joomla 3.9.11
Joomla 3.9.12
Joomla 3.9.13
Joomla 3.9.14
Joomla 3.9.15
Joomla 3.9.16
Joomla 3.9.17
Joomla 3.9.18
Joomla 3.9.19
Joomla 3.9.20
Joomla 3.9.21
Joomla 3.9.22
Joomla 3.9.23
Joomla 3.9.24
Joomla 3.9.25
Joomla 3.9.26
Joomla 3.9.27
Joomla 3.9.28
Joomla 3.10.0
Joomla 3.10.1
Joomla 3.10.2
Joomla 3.10.3
Joomla 3.10.4
Joomla 3.10.5
Joomla 3.10.6
Joomla 3.10.7
Joomla 3.10.8
Joomla 3.10.9
Joomla 3.10.10
Joomla 3.10.11
Joomla 3.10.12
Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5

Stored cross-site scripting via admin settings

Skrevet den 11. april 202518. oktober 2025 af i WPForms

Improper sanitization and escaping of specific settings could allow high-privilege users (e.g., Admins) to execute stored Cross-Site Scripting (XSS) attacks. This issue remains exploitable even when unfiltered_html is disabled, such as in multisite environments.

This vulnerability affects the following application versions:

WPForms 1.8.1.1
WPForms 1.8.1.2
WPForms 1.8.1.3
WPForms 1.8.2.1
WPForms 1.8.2.2
WPForms 1.8.2.3
WPForms 1.8.3
WPForms 1.8.3.1
WPForms 1.8.4
WPForms 1.8.4.1
WPForms 1.8.5.2
WPForms 1.8.5.3
WPForms 1.8.5.4
WPForms 1.8.6.2
WPForms 1.8.6.3
WPForms 1.8.6.4
WPForms 1.8.7.2
WPForms 1.8.8.2
WPForms 1.8.8.3
WPForms 1.8.9.1
WPForms 1.8.9.2
WPForms 1.8.9.4
WPForms 1.8.9.5
WPForms 1.8.9.6
WPForms 1.9.0.1
WPForms 1.9.0.2
WPForms 1.9.0.3
WPForms 1.9.0.4
WPForms 1.9.1.1
WPForms 1.9.1.2
WPForms 1.9.1.3
WPForms 1.9.1.4
WPForms 1.9.1.5

Stored cross-site scripting in the URL parameter in testimonals widget

Skrevet den 11. april 202518. oktober 2025 af i Elementor Website Builder

Due to insufficient input sensitization and output escaping on user supplied attributes, authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in Elementor Editor pages.

This vulnerability affects the following application versions:

Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4

Insufficient rest api permission check in wpforms gutenberg integration

Skrevet den 11. april 202518. oktober 2025 af i WPForms

The REST API route was originally protected using a generic permissions_check callback. This check did not properly restrict access to high-privilege users, potentially allowing unauthorized users to access sensitive endpoints.

This vulnerability affects the following application versions:

WPForms 1.8.8.2
WPForms 1.8.8.3
WPForms 1.8.9.1
WPForms 1.8.9.2
WPForms 1.8.9.4
WPForms 1.8.9.5
WPForms 1.8.9.6
WPForms 1.9.0.1
WPForms 1.9.0.2
WPForms 1.9.0.3
WPForms 1.9.0.4
WPForms 1.9.1.1
WPForms 1.9.1.2
WPForms 1.9.1.3
WPForms 1.9.1.4
WPForms 1.9.1.5
WPForms 1.9.1.6
WPForms 1.9.2.1
WPForms 1.9.2.2

SQL injection vulnerability in quoteNameStr method of Database package

Skrevet den 11. april 202518. oktober 2025 af i Joomla

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package.

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5
Joomla 3.9.6
Joomla 3.9.7
Joomla 3.9.8
Joomla 3.9.9
Joomla 3.9.10
Joomla 3.9.11
Joomla 3.9.12
Joomla 3.9.13
Joomla 3.9.14
Joomla 3.9.15
Joomla 3.9.16
Joomla 3.9.17
Joomla 3.9.18
Joomla 3.9.19
Joomla 3.9.20
Joomla 3.9.21
Joomla 3.9.22
Joomla 3.9.23
Joomla 3.9.24
Joomla 3.9.25
Joomla 3.9.26
Joomla 3.9.27
Joomla 3.9.28
Joomla 3.10.0
Joomla 3.10.1
Joomla 3.10.2
Joomla 3.10.3
Joomla 3.10.4
Joomla 3.10.5
Joomla 3.10.6
Joomla 3.10.7
Joomla 3.10.8
Joomla 3.10.9
Joomla 3.10.10
Joomla 3.10.11
Joomla 3.10.12
Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 4.4.12
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4
Joomla 5.2.5

Sensitive information exposure via shortcode

Skrevet den 1. april 202518. oktober 2025 af i Elementor Website Builder

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the ‘elementor-template’ shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of Private, Pending, and Draft Templates CVE-2024-8494

This vulnerability affects the following application versions:

Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10
Elementor Website Builder 3.26.0-beta1
Elementor Website Builder 3.26.0-beta2
Elementor Website Builder 3.26.0-beta3
Elementor Website Builder 3.26.0-dev1
Elementor Website Builder 3.26.0-dev2
Elementor Website Builder 3.26.0-dev3

Missing authorization to Server-Side Request Forgery

Skrevet den 1. april 202518. oktober 2025 af i W3 Total Cache

Plugin is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin’s nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications.

CVE-2024-12365

This vulnerability affects the following application versions:

W3 Total Cache 2.4.0
W3 Total Cache 2.4.0-alpha.1
W3 Total Cache 2.4.0-alpha.3
W3 Total Cache 2.4.1
W3 Total Cache 2.5.0
W3 Total Cache 2.6.0
W3 Total Cache 2.6.0-alpha.1
W3 Total Cache 2.6.0-alpha.2
W3 Total Cache 2.6.1
W3 Total Cache 2.7.0
W3 Total Cache 2.7.1
W3 Total Cache 2.7.2
W3 Total Cache 2.7.3
W3 Total Cache 2.7.4
W3 Total Cache 2.7.5
W3 Total Cache 2.7.6
W3 Total Cache 2.7.7
W3 Total Cache 2.7.7-beta.1
W3 Total Cache 2.8.0
W3 Total Cache 2.8.1

Stored XSS to JS backdoor creation

Skrevet den 1. april 202518. oktober 2025 af i Popup Builder by Forward Looking

Attackers are able to inject malicious JavaScript into the plugin’s settings, specifically within the “Alt Text” field of an image in the popup. The injected script can be executed when the popup is viewed, enabling attackers to escalate privileges and potentially create a backdoor for account takeover.

CVE number: CVE-2024-9428

This vulnerability affects the following application versions:

Popup Builder by Forward Looking 3.7
Popup Builder by Forward Looking 3.7.1
Popup Builder by Forward Looking 3.69
Popup Builder by Forward Looking 3.69.1
Popup Builder by Forward Looking 3.69.2
Popup Builder by Forward Looking 3.69.3
Popup Builder by Forward Looking 3.69.4
Popup Builder by Forward Looking 3.69.5
Popup Builder by Forward Looking 3.69.6
Popup Builder by Forward Looking 3.71
Popup Builder by Forward Looking 3.72
Popup Builder by Forward Looking 3.73
Popup Builder by Forward Looking 3.74
Popup Builder by Forward Looking 3.75
Popup Builder by Forward Looking 3.76
Popup Builder by Forward Looking 3.77
Popup Builder by Forward Looking 3.78
Popup Builder by Forward Looking 3.79
Popup Builder by Forward Looking 3.81
Popup Builder by Forward Looking 3.82
Popup Builder by Forward Looking 3.83
Popup Builder by Forward Looking 3.84
Popup Builder by Forward Looking 4.0
Popup Builder by Forward Looking 4.0.1
Popup Builder by Forward Looking 4.0.2
Popup Builder by Forward Looking 4.0.3
Popup Builder by Forward Looking 4.0.4
Popup Builder by Forward Looking 4.0.5
Popup Builder by Forward Looking 4.0.6
Popup Builder by Forward Looking 4.0.7
Popup Builder by Forward Looking 4.0.8
Popup Builder by Forward Looking 4.0.9
Popup Builder by Forward Looking 4.1.0
Popup Builder by Forward Looking 4.1.1
Popup Builder by Forward Looking 4.1.2
Popup Builder by Forward Looking 4.1.3
Popup Builder by Forward Looking 4.1.4
Popup Builder by Forward Looking 4.1.5
Popup Builder by Forward Looking 4.1.6
Popup Builder by Forward Looking 4.1.7
Popup Builder by Forward Looking 4.1.8
Popup Builder by Forward Looking 4.1.9
Popup Builder by Forward Looking 4.1.10
Popup Builder by Forward Looking 4.1.11
Popup Builder by Forward Looking 4.1.12
Popup Builder by Forward Looking 4.1.13
Popup Builder by Forward Looking 4.1.14
Popup Builder by Forward Looking 4.1.15
Popup Builder by Forward Looking 4.2.0
Popup Builder by Forward Looking 4.2.2
Popup Builder by Forward Looking 4.2.3
Popup Builder by Forward Looking 4.2.4
Popup Builder by Forward Looking 4.2.5
Popup Builder by Forward Looking 4.2.6
Popup Builder by Forward Looking 4.2.7
Popup Builder by Forward Looking 4.3.0
Popup Builder by Forward Looking 4.3.2
Popup Builder by Forward Looking 4.3.3
Popup Builder by Forward Looking 4.3.4

Improper domain validation for usps url

Skrevet den 1. april 202513. juni 2025 af i Magento

The vulnerability arose from insufficient domain validation, allowing unauthorized URLs to be processed. The revised validation now strictly limits requests to approved domains, significantly reducing the risk of SSRF attacks.

This vulnerability affects the following application versions:

Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2

Stored Cross-Site Scripting via Page Title Widget

Skrevet den 27. marts 202518. oktober 2025 af i Ultimate Addons for Elementor

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE number: CVE-2024-11230

This vulnerability affects the following application versions:

Ultimate Addons for Elementor 1.6.41
Ultimate Addons for Elementor 1.6.42
Ultimate Addons for Elementor 1.6.43
Ultimate Addons for Elementor 1.6.44
Ultimate Addons for Elementor 1.6.45
Ultimate Addons for Elementor 1.6.46

Stored Cross-Site Scripting via critical CSS rules

Skrevet den 27. marts 202518. oktober 2025 af i Autoptimize

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the critical css rules in versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE: CVE-2023-2113

This vulnerability affects the following application versions:

Autoptimize 3.1.1
Autoptimize 3.1.1.1
Autoptimize 3.1.2
Autoptimize 3.1.3
Autoptimize 3.1.4
Autoptimize 3.1.5
Autoptimize 3.1.6

Invalid file type upload

Skrevet den 27. marts 202518. oktober 2025 af i Safe SVG

Only allow SVG file types to be uploaded if our sanitizer is able to run on those files.

This vulnerability affects the following application versions:

Safe SVG 1.8.0
Safe SVG 1.8.1
Safe SVG 1.9.0
Safe SVG 1.9.1
Safe SVG 1.9.2
Safe SVG 1.9.3
Safe SVG 1.9.4
Safe SVG 1.9.5
Safe SVG 1.9.6
Safe SVG 1.9.7
Safe SVG 1.9.8
Safe SVG 1.9.9
Safe SVG 1.9.10
Safe SVG 2.0.0
Safe SVG 2.0.1
Safe SVG 2.0.2
Safe SVG 2.0.3
Safe SVG 2.1.0
Safe SVG 2.1.1
Safe SVG 2.2.0
Safe SVG 2.2.1
Safe SVG 2.2.2
Safe SVG 2.2.3
Safe SVG 2.2.4
Safe SVG 2.2.5
Safe SVG 2.2.6

Drupal – Cross Site Scripting – SA-CORE-2025-004

Skrevet den 25. marts 202524. maj 2026 af i Drupal

Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross Site Scripting vulnerability (XSS).

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.3.13
Drupal 10.3.14
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 10.4.3
Drupal 10.4.4
Drupal 10.4.5
Drupal 10.4.6
Drupal 10.4.7
Drupal 10.4.8
Drupal 10.4.9
Drupal 10.4.10
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.0.12
Drupal 11.0.13
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2
Drupal 11.1.3
Drupal 11.1.4
Drupal 11.1.5
Drupal 11.1.6

XSS in file upload

Skrevet den 25. marts 202518. oktober 2025 af i Safe SVG

The Safe SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CVE number: CVE-2024-8378

This vulnerability affects the following application versions:

Safe SVG 1.0.0
Safe SVG 1.1.0
Safe SVG 1.1.1
Safe SVG 1.2.0
Safe SVG 1.3.0
Safe SVG 1.3.1
Safe SVG 1.3.2
Safe SVG 1.3.3
Safe SVG 1.3.4
Safe SVG 1.4.0
Safe SVG 1.4.1
Safe SVG 1.4.2
Safe SVG 1.4.3
Safe SVG 1.4.4
Safe SVG 1.4.5
Safe SVG 1.5.0
Safe SVG 1.5.1
Safe SVG 1.5.2
Safe SVG 1.5.3
Safe SVG 1.6.0
Safe SVG 1.6.1
Safe SVG 1.7.1
Safe SVG 1.8.0
Safe SVG 1.8.1
Safe SVG 1.9.0
Safe SVG 1.9.1
Safe SVG 1.9.2
Safe SVG 1.9.3
Safe SVG 1.9.4
Safe SVG 1.9.5
Safe SVG 1.9.6
Safe SVG 1.9.7
Safe SVG 1.9.8
Safe SVG 1.9.9
Safe SVG 1.9.10
Safe SVG 2.0.0
Safe SVG 2.0.1
Safe SVG 2.0.2
Safe SVG 2.0.3
Safe SVG 2.1.0
Safe SVG 2.1.1
Safe SVG 2.2.0
Safe SVG 2.2.1
Safe SVG 2.2.2
Safe SVG 2.2.3
Safe SVG 2.2.4
Safe SVG 2.2.5

Incorrect permission via the categories api

Skrevet den 18. marts 202518. oktober 2025 af i Spectra – WordPress Gutenberg Blocks

This fix adds a permission check to restrict access to the Categories API. It ensures that only users with the manage_ast_block_templates capability can perform certain actions, preventing unauthorized users from accessing or modifying category data. This improves security by enforcing proper access controls.

This vulnerability affects the following application versions:

Spectra – WordPress Gutenberg Blocks 2.11.0
Spectra – WordPress Gutenberg Blocks 2.11.1
Spectra – WordPress Gutenberg Blocks 2.11.2
Spectra – WordPress Gutenberg Blocks 2.11.3
Spectra – WordPress Gutenberg Blocks 2.11.4
Spectra – WordPress Gutenberg Blocks 2.12.0
Spectra – WordPress Gutenberg Blocks 2.12.1
Spectra – WordPress Gutenberg Blocks 2.12.2
Spectra – WordPress Gutenberg Blocks 2.12.3
Spectra – WordPress Gutenberg Blocks 2.12.4
Spectra – WordPress Gutenberg Blocks 2.12.5
Spectra – WordPress Gutenberg Blocks 2.12.6
Spectra – WordPress Gutenberg Blocks 2.12.7
Spectra – WordPress Gutenberg Blocks 2.12.8
Spectra – WordPress Gutenberg Blocks 2.12.9
Spectra – WordPress Gutenberg Blocks 2.13.0
Spectra – WordPress Gutenberg Blocks 2.13.1
Spectra – WordPress Gutenberg Blocks 2.13.2
Spectra – WordPress Gutenberg Blocks 2.13.3
Spectra – WordPress Gutenberg Blocks 2.13.4
Spectra – WordPress Gutenberg Blocks 2.13.5
Spectra – WordPress Gutenberg Blocks 2.13.6
Spectra – WordPress Gutenberg Blocks 2.13.7
Spectra – WordPress Gutenberg Blocks 2.13.8
Spectra – WordPress Gutenberg Blocks 2.13.9
Spectra – WordPress Gutenberg Blocks 2.14.0
Spectra – WordPress Gutenberg Blocks 2.14.1
Spectra – WordPress Gutenberg Blocks 2.15.0
Spectra – WordPress Gutenberg Blocks 2.15.1
Spectra – WordPress Gutenberg Blocks 2.15.2
Starter Templates – AI-Powered Templates 0.4.4.0
Starter Templates – AI-Powered Templates 3.5.0
Starter Templates – AI-Powered Templates 3.5.2
Starter Templates – AI-Powered Templates 3.5.3
Starter Templates – AI-Powered Templates 3.5.4
Starter Templates – AI-Powered Templates 3.5.5
Starter Templates – AI-Powered Templates 3.5.6
Starter Templates – AI-Powered Templates 3.5.7
Starter Templates – AI-Powered Templates 4.0.0
Starter Templates – AI-Powered Templates 4.0.1
Starter Templates – AI-Powered Templates 4.0.2
Starter Templates – AI-Powered Templates 4.0.3
Starter Templates – AI-Powered Templates 4.0.4
Starter Templates – AI-Powered Templates 4.0.5
Starter Templates – AI-Powered Templates 4.0.6
Starter Templates – AI-Powered Templates 4.0.7
Starter Templates – AI-Powered Templates 4.0.8
Starter Templates – AI-Powered Templates 4.0.9
Starter Templates – AI-Powered Templates 4.0.10
Starter Templates – AI-Powered Templates 4.0.11
Starter Templates – AI-Powered Templates 4.0.12
Starter Templates – AI-Powered Templates 4.0.13
Starter Templates – AI-Powered Templates 4.1.0
Starter Templates – AI-Powered Templates 4.1.1
Starter Templates – AI-Powered Templates 4.1.2
Starter Templates – AI-Powered Templates 4.1.3
Starter Templates – AI-Powered Templates 4.1.4
Starter Templates – AI-Powered Templates 4.1.5
Starter Templates – AI-Powered Templates 4.1.6
Starter Templates – AI-Powered Templates 4.1.7
Starter Templates – AI-Powered Templates 4.2.0
Starter Templates – AI-Powered Templates 4.2.1
Starter Templates – AI-Powered Templates 4.2.2
Starter Templates – AI-Powered Templates 4.2.3
Starter Templates – AI-Powered Templates 4.2.4
Starter Templates – AI-Powered Templates 4.2.5
Starter Templates – AI-Powered Templates 4.2.6
Starter Templates – AI-Powered Templates 4.3.0
Starter Templates – AI-Powered Templates 4.3.1
Starter Templates – AI-Powered Templates 4.3.2
Starter Templates – AI-Powered Templates 4.3.3
Starter Templates – AI-Powered Templates 4.3.4
Starter Templates – AI-Powered Templates 4.3.5
Starter Templates – AI-Powered Templates 4.3.6
Starter Templates – AI-Powered Templates 4.3.7
Starter Templates – AI-Powered Templates 4.3.8
Starter Templates – AI-Powered Templates 4.3.9
Starter Templates – AI-Powered Templates 4.4.0
Starter Templates – AI-Powered Templates 4.4.1

XSS in the blocks config

Skrevet den 18. marts 202518. oktober 2025 af i Spectra – WordPress Gutenberg Blocks

The page limit attributes of the pagination are not properly sanitized to prevent an XSS attack.

This vulnerability affects the following application versions:

Spectra – WordPress Gutenberg Blocks 1.5.1
Spectra – WordPress Gutenberg Blocks 1.15.0
Spectra – WordPress Gutenberg Blocks 1.15.1
Spectra – WordPress Gutenberg Blocks 1.15.2
Spectra – WordPress Gutenberg Blocks 1.16.0
Spectra – WordPress Gutenberg Blocks 1.16.1
Spectra – WordPress Gutenberg Blocks 1.17.0
Spectra – WordPress Gutenberg Blocks 1.18.0
Spectra – WordPress Gutenberg Blocks 1.18.1
Spectra – WordPress Gutenberg Blocks 1.18.2
Spectra – WordPress Gutenberg Blocks 1.19.0
Spectra – WordPress Gutenberg Blocks 1.20.0
Spectra – WordPress Gutenberg Blocks 1.20.1
Spectra – WordPress Gutenberg Blocks 1.21.0
Spectra – WordPress Gutenberg Blocks 1.21.1
Spectra – WordPress Gutenberg Blocks 1.22.0
Spectra – WordPress Gutenberg Blocks 1.22.1
Spectra – WordPress Gutenberg Blocks 1.22.2
Spectra – WordPress Gutenberg Blocks 1.22.3
Spectra – WordPress Gutenberg Blocks 1.22.4
Spectra – WordPress Gutenberg Blocks 1.22.5
Spectra – WordPress Gutenberg Blocks 1.23.0
Spectra – WordPress Gutenberg Blocks 1.23.1
Spectra – WordPress Gutenberg Blocks 1.23.2
Spectra – WordPress Gutenberg Blocks 1.23.3
Spectra – WordPress Gutenberg Blocks 1.23.4
Spectra – WordPress Gutenberg Blocks 1.23.5
Spectra – WordPress Gutenberg Blocks 1.24.0
Spectra – WordPress Gutenberg Blocks 1.24.1
Spectra – WordPress Gutenberg Blocks 1.24.2
Spectra – WordPress Gutenberg Blocks 1.25.0
Spectra – WordPress Gutenberg Blocks 1.25.1
Spectra – WordPress Gutenberg Blocks 1.25.2
Spectra – WordPress Gutenberg Blocks 1.25.3
Spectra – WordPress Gutenberg Blocks 1.25.4
Spectra – WordPress Gutenberg Blocks 1.25.5
Spectra – WordPress Gutenberg Blocks 1.25.6
Spectra – WordPress Gutenberg Blocks 2.0.0
Spectra – WordPress Gutenberg Blocks 2.0.1
Spectra – WordPress Gutenberg Blocks 2.0.2
Spectra – WordPress Gutenberg Blocks 2.0.3
Spectra – WordPress Gutenberg Blocks 2.0.4
Spectra – WordPress Gutenberg Blocks 2.0.5
Spectra – WordPress Gutenberg Blocks 2.0.6
Spectra – WordPress Gutenberg Blocks 2.0.7
Spectra – WordPress Gutenberg Blocks 2.0.8
Spectra – WordPress Gutenberg Blocks 2.0.9
Spectra – WordPress Gutenberg Blocks 2.0.10
Spectra – WordPress Gutenberg Blocks 2.0.11
Spectra – WordPress Gutenberg Blocks 2.0.12
Spectra – WordPress Gutenberg Blocks 2.0.13
Spectra – WordPress Gutenberg Blocks 2.0.14
Spectra – WordPress Gutenberg Blocks 2.0.15
Spectra – WordPress Gutenberg Blocks 2.0.16
Spectra – WordPress Gutenberg Blocks 2.1.0
Spectra – WordPress Gutenberg Blocks 2.1.1
Spectra – WordPress Gutenberg Blocks 2.2.0
Spectra – WordPress Gutenberg Blocks 2.3.0
Spectra – WordPress Gutenberg Blocks 2.3.1
Spectra – WordPress Gutenberg Blocks 2.3.2
Spectra – WordPress Gutenberg Blocks 2.3.3
Spectra – WordPress Gutenberg Blocks 2.3.4
Spectra – WordPress Gutenberg Blocks 2.3.5
Spectra – WordPress Gutenberg Blocks 2.4.0
Spectra – WordPress Gutenberg Blocks 2.4.1
Spectra – WordPress Gutenberg Blocks 2.4.2
Spectra – WordPress Gutenberg Blocks 2.5.0
Spectra – WordPress Gutenberg Blocks 2.5.1
Spectra – WordPress Gutenberg Blocks 2.6.0
Spectra – WordPress Gutenberg Blocks 2.6.1
Spectra – WordPress Gutenberg Blocks 2.6.2
Spectra – WordPress Gutenberg Blocks 2.6.3
Spectra – WordPress Gutenberg Blocks 2.6.4
Spectra – WordPress Gutenberg Blocks 2.6.5
Spectra – WordPress Gutenberg Blocks 2.6.6
Spectra – WordPress Gutenberg Blocks 2.6.7
Spectra – WordPress Gutenberg Blocks 2.6.8
Spectra – WordPress Gutenberg Blocks 2.6.9
Spectra – WordPress Gutenberg Blocks 2.7.0
Spectra – WordPress Gutenberg Blocks 2.7.1
Spectra – WordPress Gutenberg Blocks 2.7.2
Spectra – WordPress Gutenberg Blocks 2.7.3
Spectra – WordPress Gutenberg Blocks 2.7.4
Spectra – WordPress Gutenberg Blocks 2.7.5
Spectra – WordPress Gutenberg Blocks 2.7.6
Spectra – WordPress Gutenberg Blocks 2.7.7
Spectra – WordPress Gutenberg Blocks 2.7.8
Spectra – WordPress Gutenberg Blocks 2.7.9
Spectra – WordPress Gutenberg Blocks 2.7.10
Spectra – WordPress Gutenberg Blocks 2.7.11
Spectra – WordPress Gutenberg Blocks 2.8.0
Spectra – WordPress Gutenberg Blocks 2.9.0
Spectra – WordPress Gutenberg Blocks 2.9.1
Spectra – WordPress Gutenberg Blocks 2.10.0
Spectra – WordPress Gutenberg Blocks 2.10.1
Spectra – WordPress Gutenberg Blocks 2.10.2
Spectra – WordPress Gutenberg Blocks 2.10.3
Spectra – WordPress Gutenberg Blocks 2.10.4
Spectra – WordPress Gutenberg Blocks 2.10.5
Spectra – WordPress Gutenberg Blocks 2.11.0
Spectra – WordPress Gutenberg Blocks 2.11.1
Spectra – WordPress Gutenberg Blocks 2.11.2
Spectra – WordPress Gutenberg Blocks 2.11.3
Spectra – WordPress Gutenberg Blocks 2.11.4
Spectra – WordPress Gutenberg Blocks 2.12.0
Spectra – WordPress Gutenberg Blocks 2.12.1
Spectra – WordPress Gutenberg Blocks 2.12.2
Spectra – WordPress Gutenberg Blocks 2.12.3
Spectra – WordPress Gutenberg Blocks 2.12.4
Spectra – WordPress Gutenberg Blocks 2.12.5
Spectra – WordPress Gutenberg Blocks 2.12.6
Spectra – WordPress Gutenberg Blocks 2.12.7
Spectra – WordPress Gutenberg Blocks 2.12.8
Spectra – WordPress Gutenberg Blocks 2.12.9
Spectra – WordPress Gutenberg Blocks 2.13.0
Spectra – WordPress Gutenberg Blocks 2.13.1
Spectra – WordPress Gutenberg Blocks 2.13.2
Spectra – WordPress Gutenberg Blocks 2.13.3
Spectra – WordPress Gutenberg Blocks 2.13.4
Spectra – WordPress Gutenberg Blocks 2.13.5
Spectra – WordPress Gutenberg Blocks 2.13.6
Spectra – WordPress Gutenberg Blocks 2.13.7
Spectra – WordPress Gutenberg Blocks 2.13.8
Spectra – WordPress Gutenberg Blocks 2.13.9
Spectra – WordPress Gutenberg Blocks 2.14.0
Spectra – WordPress Gutenberg Blocks 2.14.1
Spectra – WordPress Gutenberg Blocks 2.15.0
Spectra – WordPress Gutenberg Blocks 2.15.1
Spectra – WordPress Gutenberg Blocks 2.15.2
Spectra – WordPress Gutenberg Blocks 2.15.3
Spectra – WordPress Gutenberg Blocks 2.16.0
Spectra – WordPress Gutenberg Blocks 2.16.1
Spectra – WordPress Gutenberg Blocks 2.16.2
Spectra – WordPress Gutenberg Blocks 2.16.3
Spectra – WordPress Gutenberg Blocks 2.16.4
Spectra – WordPress Gutenberg Blocks 2.16.5
Spectra – WordPress Gutenberg Blocks 2.17.0
Spectra – WordPress Gutenberg Blocks 2.18.0

Cross-Site Scripting in chooser in magento widget

Skrevet den 18. marts 202513. juni 2025 af i Magento

A few sections of the app dont sanitize id to prevent xss attacks on getRowClickCallback function.

This vulnerability affects the following application versions:

Magento 0.74.0-beta13
Magento 0.74.0-beta14
Magento 0.74.0-beta15
Magento 0.74.0-beta16
Magento 1.0.0-beta
Magento 1.0.0-beta2
Magento 1.0.0-beta3
Magento 1.0.0-beta4
Magento 1.0.0-beta5
Magento 1.0.0-beta6
Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2

Improper neutralization of input during web page generation (‘Cross-site Scripting’)

Skrevet den 18. marts 202518. oktober 2025 af i Magento

A low-privileged attacker can exploit vulnerable form fields to inject malicious scripts (Cross-Site Scripting – XSS). When a victim accesses the affected page, the malicious JavaScript executes in their browser, potentially allowing the attacker to exfiltrate sensitive information. This vulnerability poses a high confidentiality impact, as the attacker can access session tokens, credentials, or other sensitive data from the victim’s session

CVE number:; CVE-2024-45116

This vulnerability affects the following application versions:

Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2

Improper input validation in product import

Skrevet den 18. marts 202518. oktober 2025 af i Magento

An unauthenticated administrative users can read arbitrary files outside intended directories via PHP filter chains while importing a product.

This vulnerability affects the following application versions:

Magento 2.0.0
Magento 2.0.0-rc
Magento 2.0.0-rc2
Magento 2.0.1
Magento 2.0.2
Magento 2.0.3
Magento 2.0.4
Magento 2.0.5
Magento 2.0.6
Magento 2.0.7
Magento 2.0.8
Magento 2.0.9
Magento 2.0.10
Magento 2.0.11
Magento 2.0.12
Magento 2.0.13
Magento 2.0.14
Magento 2.0.15
Magento 2.0.16
Magento 2.0.17
Magento 2.0.18
Magento 2.1.0
Magento 2.1.0-rc1
Magento 2.1.0-rc2
Magento 2.1.0-rc3
Magento 2.1.1
Magento 2.1.2
Magento 2.1.3
Magento 2.1.4
Magento 2.1.5
Magento 2.1.6
Magento 2.1.7
Magento 2.1.8
Magento 2.1.9
Magento 2.1.10
Magento 2.1.11
Magento 2.1.12
Magento 2.1.13
Magento 2.1.14
Magento 2.1.15
Magento 2.1.16
Magento 2.1.17
Magento 2.1.18
Magento 2.2.0
Magento 2.2.0-rc2.0
Magento 2.2.0-rc2.1
Magento 2.2.0-rc2.2
Magento 2.2.0-rc2.3
Magento 2.2.0-rc3.0
Magento 2.2.0-RC1.1
Magento 2.2.0-RC1.2
Magento 2.2.0-RC1.3
Magento 2.2.0-RC1.4
Magento 2.2.0-RC1.5
Magento 2.2.0-RC1.6
Magento 2.2.0-RC1.8
Magento 2.2.1
Magento 2.2.2
Magento 2.2.3
Magento 2.2.4
Magento 2.2.5
Magento 2.2.6
Magento 2.2.7
Magento 2.2.8
Magento 2.2.9
Magento 2.2.10
Magento 2.2.11
Magento 2.3.0
Magento 2.3.1
Magento 2.3.2
Magento 2.3.2-p1
Magento 2.3.2-p2
Magento 2.3.3
Magento 2.3.3-p1
Magento 2.3.4
Magento 2.3.4-p2
Magento 2.3.5
Magento 2.3.5-p1
Magento 2.3.5-p2
Magento 2.3.6
Magento 2.3.6-p1
Magento 2.3.7
Magento 2.3.7-p1
Magento 2.3.7-p2
Magento 2.3.7-p3
Magento 2.3.7-p4
Magento 2.4.0
Magento 2.4.0-p1
Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.2-p2
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.4-p10
Magento 2.4.4-p11
Magento 2.4.4-p12
Magento 2.4.4-p13
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.5-p9
Magento 2.4.5-p10
Magento 2.4.5-p11
Magento 2.4.5-p12
Magento 2.4.5-p13
Magento 2.4.5-p14
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.6-p7
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1
Magento 2.4.7-p2

Incorrect Permission

Skrevet den 18. marts 202518. oktober 2025 af i Magento

This update resolves critical, important and moderate vulnerabilities.  Successful exploitation could lead to arbitrary code execution, arbitrary file system read, security feature bypass and privilege escalation.

This vulnerability affects the following application versions:

Magento 2.4.1
Magento 2.4.1-p1
Magento 2.4.2
Magento 2.4.2-p1
Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1

Stored Cross-Site Scripting via Rank Math API

Skrevet den 18. marts 202518. oktober 2025 af i Rank Math SEO

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218
Rank Math SEO 1.0.219
Rank Math SEO 1.0.220
Rank Math SEO 1.0.221
Rank Math SEO 1.0.222
Rank Math SEO 1.0.223
Rank Math SEO 1.0.224
Rank Math SEO 1.0.225
Rank Math SEO 1.0.226
Rank Math SEO 1.0.227
Rank Math SEO 1.0.227.1
Rank Math SEO 1.0.228
Rank Math SEO 1.0.229
Rank Math SEO 1.0.230
Rank Math SEO 1.0.231
Rank Math SEO 1.0.232
Rank Math SEO 1.0.233
Rank Math SEO 1.0.234
Rank Math SEO 1.0.234.1
Rank Math SEO 1.0.235

Insecure Hardcoded URL Parameter Leading to Potential Attacks

Skrevet den 13. marts 202518. oktober 2025 af i Spectra – WordPress Gutenberg Blocks

ZIP_AI_CREDIT_TOPUP_URL is not strictly validated or sanitized, an attacker could craft a malicious URL and inject arbitrary parameters, leading to phishing, open redirects, or unauthorized actions on external services

This vulnerability affects the following application versions:

Spectra – WordPress Gutenberg Blocks 2.10.2
Spectra – WordPress Gutenberg Blocks 2.10.3
Spectra – WordPress Gutenberg Blocks 2.10.4
Spectra – WordPress Gutenberg Blocks 2.10.5
Spectra – WordPress Gutenberg Blocks 2.11.0
Spectra – WordPress Gutenberg Blocks 2.11.1
Spectra – WordPress Gutenberg Blocks 2.11.2
Spectra – WordPress Gutenberg Blocks 2.11.3
Spectra – WordPress Gutenberg Blocks 2.11.4
Spectra – WordPress Gutenberg Blocks 2.12.0
Spectra – WordPress Gutenberg Blocks 2.12.1
Spectra – WordPress Gutenberg Blocks 2.12.2
Spectra – WordPress Gutenberg Blocks 2.12.3
Spectra – WordPress Gutenberg Blocks 2.12.4
Spectra – WordPress Gutenberg Blocks 2.12.5
Spectra – WordPress Gutenberg Blocks 2.12.6
Spectra – WordPress Gutenberg Blocks 2.12.7
Spectra – WordPress Gutenberg Blocks 2.12.8
Spectra – WordPress Gutenberg Blocks 2.12.9
Spectra – WordPress Gutenberg Blocks 2.13.0
Spectra – WordPress Gutenberg Blocks 2.13.1
Spectra – WordPress Gutenberg Blocks 2.13.2
Spectra – WordPress Gutenberg Blocks 2.13.3
Spectra – WordPress Gutenberg Blocks 2.13.4
Spectra – WordPress Gutenberg Blocks 2.13.5
Spectra – WordPress Gutenberg Blocks 2.13.6
Spectra – WordPress Gutenberg Blocks 2.13.7
Spectra – WordPress Gutenberg Blocks 2.13.8
Spectra – WordPress Gutenberg Blocks 2.13.9
Spectra – WordPress Gutenberg Blocks 2.14.0
Spectra – WordPress Gutenberg Blocks 2.14.1
Spectra – WordPress Gutenberg Blocks 2.15.0
Spectra – WordPress Gutenberg Blocks 2.15.1
Spectra – WordPress Gutenberg Blocks 2.15.2
Spectra – WordPress Gutenberg Blocks 2.15.3
Spectra – WordPress Gutenberg Blocks 2.16.0
Spectra – WordPress Gutenberg Blocks 2.16.1

[20250301] – Malicious file uploads via Media Manager

Skrevet den 13. marts 2025 af i Joomla

Inadequate checks in the Media Manager allowed users with “edit” privileges to create executable PHP files.

CVE Number: CVE-2025-22213

Source link: https://developer.joomla.org/security-centre/961-20250301-core-malicious-file-uploads-via-media-manager.html

This vulnerability affects the following application versions:

Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 4.4.11
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3
Joomla 5.2.4

Improper URL Sanitization in Shortcode Rendering

Skrevet den 13. marts 202518. oktober 2025 af i Limit Login Attempts Reloaded

The Shortcodes.php file in Limit Login Attempts Reloaded improperly sanitizes user-provided URLs by using esc_attr() instead of esc_url()

This vulnerability affects the following application versions:

Limit Login Attempts Reloaded 2.23.0
Limit Login Attempts Reloaded 2.23.1
Limit Login Attempts Reloaded 2.23.2
Limit Login Attempts Reloaded 2.24.0
Limit Login Attempts Reloaded 2.24.1
Limit Login Attempts Reloaded 2.25.0
Limit Login Attempts Reloaded 2.25.1
Limit Login Attempts Reloaded 2.25.2
Limit Login Attempts Reloaded 2.25.3
Limit Login Attempts Reloaded 2.25.4
Limit Login Attempts Reloaded 2.25.5
Limit Login Attempts Reloaded 2.25.6
Limit Login Attempts Reloaded 2.25.7
Limit Login Attempts Reloaded 2.25.8
Limit Login Attempts Reloaded 2.25.9
Limit Login Attempts Reloaded 2.25.10
Limit Login Attempts Reloaded 2.25.11
Limit Login Attempts Reloaded 2.25.12
Limit Login Attempts Reloaded 2.25.13
Limit Login Attempts Reloaded 2.25.14
Limit Login Attempts Reloaded 2.25.15
Limit Login Attempts Reloaded 2.25.16
Limit Login Attempts Reloaded 2.25.17
Limit Login Attempts Reloaded 2.25.18
Limit Login Attempts Reloaded 2.25.19
Limit Login Attempts Reloaded 2.25.20
Limit Login Attempts Reloaded 2.25.21
Limit Login Attempts Reloaded 2.25.22
Limit Login Attempts Reloaded 2.25.23
Limit Login Attempts Reloaded 2.25.24
Limit Login Attempts Reloaded 2.25.25
Limit Login Attempts Reloaded 2.25.26

XSS on wc-cart page

Skrevet den 4. marts 20255. marts 2026 af i WooCommerce

Validate and sanitize the event origin and event data when listening to message events from attachParentListeners function to prevent xss attacks during the customize your store flow

This vulnerability affects the following application versions:

WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
WooCommerce 2.5.0-RC3
WooCommerce 2.5.1
WooCommerce 2.5.2
WooCommerce 2.5.3
WooCommerce 2.5.4
WooCommerce 2.5.5
WooCommerce 2.6.0
WooCommerce 2.6.0-RC1
WooCommerce 2.6.0-RC2
WooCommerce 2.6.1
WooCommerce 2.6.2
WooCommerce 2.6.3
WooCommerce 2.6.4
WooCommerce 2.6.5
WooCommerce 2.6.6
WooCommerce 2.6.7
WooCommerce 2.6.8
WooCommerce 2.6.9
WooCommerce 2.6.10
WooCommerce 2.6.11
WooCommerce 2.6.12
WooCommerce 2.6.13
WooCommerce 2.6.14
WooCommerce 2.7.0-RC1
WooCommerce 3.0.0
WooCommerce 3.0.0-rc.1
WooCommerce 3.0.0-rc.2
WooCommerce 3.0.1
WooCommerce 3.0.2
WooCommerce 3.0.3
WooCommerce 3.0.4
WooCommerce 3.0.5
WooCommerce 3.0.6
WooCommerce 3.0.7
WooCommerce 3.0.8
WooCommerce 3.0.9
WooCommerce 3.1.0
WooCommerce 3.1.0-rc.1
WooCommerce 3.1.0-rc.2
WooCommerce 3.1.1
WooCommerce 3.1.2
WooCommerce 3.2.0
WooCommerce 3.2.0-rc.1
WooCommerce 3.2.0-rc.2
WooCommerce 3.2.1
WooCommerce 3.2.2
WooCommerce 3.2.3
WooCommerce 3.2.4
WooCommerce 3.2.5
WooCommerce 3.2.6
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3.0-rc.2
WooCommerce 3.3.1
WooCommerce 3.3.1-rc.1
WooCommerce 3.3.2
WooCommerce 3.3.2-rc.1
WooCommerce 3.3.3
WooCommerce 3.3.4
WooCommerce 3.3.5
WooCommerce 3.3.6
WooCommerce 3.4.0
WooCommerce 3.4.0-beta.1
WooCommerce 3.4.0-rc.1
WooCommerce 3.4.0-rc.2
WooCommerce 3.4.1
WooCommerce 3.4.2
WooCommerce 3.4.3
WooCommerce 3.4.4
WooCommerce 3.4.5
WooCommerce 3.4.6
WooCommerce 3.4.7
WooCommerce 3.4.8
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5.0-rc.1
WooCommerce 3.5.0-rc.2
WooCommerce 3.5.1
WooCommerce 3.5.2
WooCommerce 3.5.3
WooCommerce 3.5.4
WooCommerce 3.5.5
WooCommerce 3.5.6
WooCommerce 3.5.7
WooCommerce 3.5.8
WooCommerce 3.5.9
WooCommerce 3.5.10
WooCommerce 3.6.0
WooCommerce 3.6.0-beta.1
WooCommerce 3.6.0-rc.1
WooCommerce 3.6.0-rc.2
WooCommerce 3.6.0-rc.3
WooCommerce 3.6.1
WooCommerce 3.6.2
WooCommerce 3.6.3
WooCommerce 3.6.4
WooCommerce 3.6.5
WooCommerce 3.6.6
WooCommerce 3.6.7
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7.0-rc.1
WooCommerce 3.7.0-rc.2
WooCommerce 3.7.1
WooCommerce 3.7.2
WooCommerce 3.7.3
WooCommerce 3.8.0
WooCommerce 3.8.0-beta.1
WooCommerce 3.8.0-rc.1
WooCommerce 3.8.0-rc.2
WooCommerce 3.8.1
WooCommerce 3.8.2
WooCommerce 3.8.3
WooCommerce 3.9.0
WooCommerce 3.9.0-beta.1
WooCommerce 3.9.0-beta.2
WooCommerce 3.9.0-rc.1
WooCommerce 3.9.0-rc.2
WooCommerce 3.9.0-rc.3
WooCommerce 3.9.0-rc.4
WooCommerce 3.9.1
WooCommerce 3.9.2
WooCommerce 3.9.3
WooCommerce 3.9.4
WooCommerce 3.9.5
WooCommerce 4.0.0
WooCommerce 4.0.0-beta.1
WooCommerce 4.0.0-rc.1
WooCommerce 4.0.0-rc.2
WooCommerce 4.0.1
WooCommerce 4.0.2
WooCommerce 4.0.3
WooCommerce 4.0.4
WooCommerce 4.1.0
WooCommerce 4.1.0-beta.1
WooCommerce 4.1.0-beta.2
WooCommerce 4.1.0-rc.1
WooCommerce 4.1.0-rc.2
WooCommerce 4.1.0-rc.3
WooCommerce 4.1.1
WooCommerce 4.1.2
WooCommerce 4.1.2.1
WooCommerce 4.1.3
WooCommerce 4.1.4
WooCommerce 4.2.0
WooCommerce 4.2.0-beta.1
WooCommerce 4.2.0-RC.1
WooCommerce 4.2.0-RC.2
WooCommerce 4.2.1
WooCommerce 4.2.2
WooCommerce 4.2.3
WooCommerce 4.2.3.1
WooCommerce 4.2.4
WooCommerce 4.2.5
WooCommerce 4.3.0
WooCommerce 4.3.0-beta.1
WooCommerce 4.3.0-rc.1
WooCommerce 4.3.0-rc.2
WooCommerce 4.3.0-rc.3
WooCommerce 4.3.1
WooCommerce 4.3.2
WooCommerce 4.3.3
WooCommerce 4.3.4
WooCommerce 4.3.4.1
WooCommerce 4.3.5
WooCommerce 4.3.6
WooCommerce 4.4.0
WooCommerce 4.4.0-beta.1
WooCommerce 4.4.0-rc.1
WooCommerce 4.4.1
WooCommerce 4.4.2
WooCommerce 4.4.2.1
WooCommerce 4.4.3
WooCommerce 4.4.4
WooCommerce 4.5.0
WooCommerce 4.5.0-beta.1
WooCommerce 4.5.0-rc.1
WooCommerce 4.5.0-rc.2
WooCommerce 4.5.0-rc.3
WooCommerce 4.5.1
WooCommerce 4.5.2
WooCommerce 4.5.3
WooCommerce 4.5.3.1
WooCommerce 4.5.4
WooCommerce 4.5.5
WooCommerce 4.6.0
WooCommerce 4.6.0-beta.1
WooCommerce 4.6.0-rc.1
WooCommerce 4.6.1
WooCommerce 4.6.2
WooCommerce 4.6.3
WooCommerce 4.6.3.1
WooCommerce 4.6.4
WooCommerce 4.6.5
WooCommerce 4.7.0
WooCommerce 4.7.0-beta.1
WooCommerce 4.7.0-beta.2
WooCommerce 4.7.0-rc.1
WooCommerce 4.7.1
WooCommerce 4.7.1-beta.1
WooCommerce 4.7.2
WooCommerce 4.7.3
WooCommerce 4.7.4
WooCommerce 4.8.0
WooCommerce 4.8.0-beta.1
WooCommerce 4.8.0-rc.1
WooCommerce 4.8.0-rc.2
WooCommerce 4.8.1
WooCommerce 4.8.2
WooCommerce 4.8.3
WooCommerce 4.9.0
WooCommerce 4.9.0-beta.1
WooCommerce 4.9.0-rc.1
WooCommerce 4.9.0-rc.2
WooCommerce 4.9.1
WooCommerce 4.9.2
WooCommerce 4.9.3
WooCommerce 4.9.4
WooCommerce 4.9.5
WooCommerce 5.0.0
WooCommerce 5.0.0-beta.1
WooCommerce 5.0.0-beta.2
WooCommerce 5.0.0-rc.1
WooCommerce 5.0.0-rc.2
WooCommerce 5.0.0-rc.3
WooCommerce 5.0.1
WooCommerce 5.0.2
WooCommerce 5.0.3
WooCommerce 5.1.0
WooCommerce 5.1.0-beta.1
WooCommerce 5.1.0-rc.1
WooCommerce 5.1.1
WooCommerce 5.1.2
WooCommerce 5.1.3
WooCommerce 5.2.0
WooCommerce 5.2.0-beta.1
WooCommerce 5.2.0-rc.1
WooCommerce 5.2.0-rc.2
WooCommerce 5.2.1
WooCommerce 5.2.2
WooCommerce 5.2.3
WooCommerce 5.2.4
WooCommerce 5.2.5
WooCommerce 5.3.0
WooCommerce 5.3.0-beta.1
WooCommerce 5.3.0-rc.1
WooCommerce 5.3.0-rc.2
WooCommerce 5.3.1
WooCommerce 5.3.2
WooCommerce 5.3.3
WooCommerce 5.4.0
WooCommerce 5.4.0-beta.1
WooCommerce 5.4.0-rc.1
WooCommerce 5.4.1
WooCommerce 5.4.2
WooCommerce 5.4.3
WooCommerce 5.4.4
WooCommerce 5.4.5
WooCommerce 5.5.0
WooCommerce 5.5.0-beta.1
WooCommerce 5.5.0-rc.1
WooCommerce 5.5.0-rc.2
WooCommerce 5.5.1
WooCommerce 5.5.2
WooCommerce 5.5.3
WooCommerce 5.5.4
WooCommerce 5.5.5
WooCommerce 5.6.0
WooCommerce 5.6.0-beta.1
WooCommerce 5.6.0-rc.1
WooCommerce 5.6.0-rc.2
WooCommerce 5.6.1
WooCommerce 5.6.2
WooCommerce 5.6.3
WooCommerce 5.7.0
WooCommerce 5.7.0-beta.1
WooCommerce 5.7.0-rc.1
WooCommerce 5.7.0-rc.2
WooCommerce 5.7.1
WooCommerce 5.7.2
WooCommerce 5.7.3
WooCommerce 5.8.0
WooCommerce 5.8.0-beta.1
WooCommerce 5.8.0-beta.2
WooCommerce 5.8.0-rc.1
WooCommerce 5.8.1
WooCommerce 5.8.2
WooCommerce 5.9.0
WooCommerce 5.9.0-beta.1
WooCommerce 5.9.0-rc.1
WooCommerce 5.9.0-RC.1
WooCommerce 5.9.0-rc.2
WooCommerce 5.9.1
WooCommerce 5.9.2
WooCommerce 6.0.0
WooCommerce 6.0.0-beta.1
WooCommerce 6.0.0-rc.1
WooCommerce 6.0.1
WooCommerce 6.0.2
WooCommerce 6.1.0
WooCommerce 6.1.0-beta.1
WooCommerce 6.1.0-rc.1
WooCommerce 6.1.0-rc.2
WooCommerce 6.1.1
WooCommerce 6.1.2
WooCommerce 6.1.3
WooCommerce 6.2.0
WooCommerce 6.2.0-beta.1
WooCommerce 6.2.0-rc.1
WooCommerce 6.2.0-rc.2
WooCommerce 6.2.1
WooCommerce 6.2.2
WooCommerce 6.2.3
WooCommerce 6.3.0
WooCommerce 6.3.0-beta.1
WooCommerce 6.3.0-rc.1
WooCommerce 6.3.0-rc.2
WooCommerce 6.3.1
WooCommerce 6.3.2
WooCommerce 6.4.0
WooCommerce 6.4.0-beta.1
WooCommerce 6.4.0-rc.1
WooCommerce 6.4.1
WooCommerce 6.4.2
WooCommerce 6.5.0
WooCommerce 6.5.0-beta.1
WooCommerce 6.5.0-rc.1
WooCommerce 6.5.0-rc.2
WooCommerce 6.5.1
WooCommerce 6.5.2
WooCommerce 6.6.0
WooCommerce 6.6.0-beta.1
WooCommerce 6.6.0-rc.1
WooCommerce 6.6.0-rc.2
WooCommerce 6.6.1
WooCommerce 6.6.2
WooCommerce 6.7.0
WooCommerce 6.7.0-beta.1
WooCommerce 6.7.0-beta.2
WooCommerce 6.7.0-rc.1
WooCommerce 6.7.1
WooCommerce 6.8.0
WooCommerce 6.8.0-beta.1
WooCommerce 6.8.0-beta.2
WooCommerce 6.8.0-rc.1
WooCommerce 6.8.1
WooCommerce 6.8.2
WooCommerce 6.8.3
WooCommerce 6.9.0
WooCommerce 6.9.0-beta.1
WooCommerce 6.9.0-beta.2
WooCommerce 6.9.0-rc.1
WooCommerce 6.9.1
WooCommerce 6.9.2
WooCommerce 6.9.3
WooCommerce 6.9.4
WooCommerce 6.9.5
WooCommerce 7.0.0
WooCommerce 7.0.0-beta.1
WooCommerce 7.0.0-beta.2
WooCommerce 7.0.0-beta.3
WooCommerce 7.0.0-rc.1
WooCommerce 7.0.0-rc.2
WooCommerce 7.0.1
WooCommerce 7.0.2
WooCommerce 7.1.0
WooCommerce 7.1.0-beta.1
WooCommerce 7.1.0-beta.2
WooCommerce 7.1.0-rc.1
WooCommerce 7.1.0-rc.2
WooCommerce 7.1.1
WooCommerce 7.1.2
WooCommerce 7.2.0
WooCommerce 7.2.0-beta.1
WooCommerce 7.2.0-beta.2
WooCommerce 7.2.0-rc.1
WooCommerce 7.2.0-rc.2
WooCommerce 7.2.1
WooCommerce 7.2.2
WooCommerce 7.2.3
WooCommerce 7.2.4
WooCommerce 7.3.0
WooCommerce 7.3.0-beta.1
WooCommerce 7.3.0-beta.2
WooCommerce 7.3.0-rc.1
WooCommerce 7.3.0-rc.2
WooCommerce 7.3.1
WooCommerce 7.4.0
WooCommerce 7.4.0-beta.1
WooCommerce 7.4.0-beta.2
WooCommerce 7.4.0-rc.1
WooCommerce 7.4.0-rc.2
WooCommerce 7.4.1
WooCommerce 7.4.2
WooCommerce 7.5.0
WooCommerce 7.5.0-beta.1
WooCommerce 7.5.0-beta.2
WooCommerce 7.5.0-rc.1
WooCommerce 7.5.1
WooCommerce 7.5.2
WooCommerce 7.6.0
WooCommerce 7.6.0-beta.1
WooCommerce 7.6.0-beta.2
WooCommerce 7.6.0-rc.1
WooCommerce 7.6.0-rc.2
WooCommerce 7.6.0-rc.3
WooCommerce 7.6.1
WooCommerce 7.6.2
WooCommerce 7.7.0
WooCommerce 7.7.0-beta.1
WooCommerce 7.7.0-beta.2
WooCommerce 7.7.0-rc.1
WooCommerce 7.7.1
WooCommerce 7.7.2
WooCommerce 7.7.3
WooCommerce 7.8.0
WooCommerce 7.8.0-beta.1
WooCommerce 7.8.0-beta.2
WooCommerce 7.8.0-rc.1
WooCommerce 7.8.0-rc.2
WooCommerce 7.8.1
WooCommerce 7.8.2
WooCommerce 7.8.3
WooCommerce 7.8.4
WooCommerce 7.9.0
WooCommerce 7.9.0-beta.1
WooCommerce 7.9.0-beta.2
WooCommerce 7.9.0-rc.2
WooCommerce 7.9.0-rc.3
WooCommerce 7.9.1
WooCommerce 7.9.2
WooCommerce 8.0.0
WooCommerce 8.0.0-beta.1
WooCommerce 8.0.0-beta.2
WooCommerce 8.0.0-rc.1
WooCommerce 8.0.0-rc.2
WooCommerce 8.0.1
WooCommerce 8.0.2
WooCommerce 8.0.3
WooCommerce 8.0.4
WooCommerce 8.0.5
WooCommerce 8.1.0
WooCommerce 8.1.0-a.3
WooCommerce 8.1.0-a.4
WooCommerce 8.1.0-a.5
WooCommerce 8.1.0-beta.1
WooCommerce 8.1.0-rc.1
WooCommerce 8.1.0-rc.2
WooCommerce 8.1.1
WooCommerce 8.1.2
WooCommerce 8.1.3
WooCommerce 8.1.4
WooCommerce 8.2.0
WooCommerce 8.2.0-a.1
WooCommerce 8.2.0-beta.1
WooCommerce 8.2.0-rc.1
WooCommerce 8.2.0-rc.2
WooCommerce 8.2.1
WooCommerce 8.2.2
WooCommerce 8.2.3
WooCommerce 8.2.4
WooCommerce 8.2.5
WooCommerce 8.3.0
WooCommerce 8.3.0-beta.1
WooCommerce 8.3.0-rc.1
WooCommerce 8.3.0-rc.2
WooCommerce 8.3.1
WooCommerce 8.3.2
WooCommerce 8.3.3
WooCommerce 8.3.4
WooCommerce 8.4.0
WooCommerce 8.4.0-beta.1
WooCommerce 8.4.0-rc.1
WooCommerce 8.4.1
WooCommerce 8.4.2
WooCommerce 8.4.3
WooCommerce 8.5.0
WooCommerce 8.5.0-beta.1
WooCommerce 8.5.0-rc.1
WooCommerce 8.5.1
WooCommerce 8.5.2
WooCommerce 8.5.3
WooCommerce 8.5.4
WooCommerce 8.5.5
WooCommerce 8.6.0
WooCommerce 8.6.0-beta.1
WooCommerce 8.6.0-rc.1
WooCommerce 8.6.1
WooCommerce 8.6.2
WooCommerce 8.6.3
WooCommerce 8.6.4
WooCommerce 8.7.0
WooCommerce 8.7.0-beta.1
WooCommerce 8.7.0-beta.2
WooCommerce 8.7.0-rc.1
WooCommerce 8.7.1
WooCommerce 8.7.2
WooCommerce 8.7.3
WooCommerce 8.8.0
WooCommerce 8.8.0-beta.1
WooCommerce 8.8.0-rc.1
WooCommerce 8.8.1
WooCommerce 8.8.2
WooCommerce 8.8.3
WooCommerce 8.8.4
WooCommerce 8.8.5
WooCommerce 8.8.6
WooCommerce 8.8.7
WooCommerce 8.9.0
WooCommerce 8.9.0-beta.1
WooCommerce 8.9.0-rc.1
WooCommerce 8.9.1
WooCommerce 8.9.2
WooCommerce 8.9.3
WooCommerce 8.9.4
WooCommerce 8.9.5
WooCommerce 9.0.0
WooCommerce 9.0.0-beta.1
WooCommerce 9.0.0-beta.2
WooCommerce 9.0.0-rc.1
WooCommerce 9.0.1
WooCommerce 9.0.2
WooCommerce 9.0.3
WooCommerce 9.0.4
WooCommerce 9.1.0
WooCommerce 9.1.0-beta.1
WooCommerce 9.1.0-rc.1
WooCommerce 9.1.1
WooCommerce 9.1.2
WooCommerce 9.1.3
WooCommerce 9.1.4
WooCommerce 9.1.5
WooCommerce 9.1.6
WooCommerce 9.2.0
WooCommerce 9.2.0-beta.1
WooCommerce 9.2.0-rc.1
WooCommerce 9.2.1
WooCommerce 9.2.2
WooCommerce 9.2.3
WooCommerce 9.2.4
WooCommerce 9.2.5
WooCommerce 9.3.0
WooCommerce 9.3.0-beta.1
WooCommerce 9.3.0-rc.1
WooCommerce 9.3.1
WooCommerce 9.3.2
WooCommerce 9.3.3
WooCommerce 9.4.0
WooCommerce 9.4.0-beta.1
WooCommerce 9.4.0-beta.2
WooCommerce 9.4.0-rc.1
WooCommerce 9.4.0-rc.2
WooCommerce 9.4.0-rc.3
WooCommerce 9.4.0-rc.4
WooCommerce 9.4.1
WooCommerce 9.4.2
WooCommerce list
WooCommerce nightly

Improved code security enforcement in Connect process

Skrevet den 4. marts 202518. oktober 2025 af i Elementor Website Builder

By sanitizing settings field , the fix mitigates risks related to cross-site scripting (XSS) attacks, ensuring that any HTML included in the settings is cleaned before output.

This vulnerability affects the following application versions:

Elementor Website Builder 1.0.0
Elementor Website Builder 1.0.1
Elementor Website Builder 1.0.2
Elementor Website Builder 1.0.3
Elementor Website Builder 1.0.4
Elementor Website Builder 1.0.5
Elementor Website Builder 1.0.6
Elementor Website Builder 1.0.7
Elementor Website Builder 1.0.8
Elementor Website Builder 1.0.9
Elementor Website Builder 1.0.10
Elementor Website Builder 1.0.11
Elementor Website Builder 1.0.12
Elementor Website Builder 1.1.0
Elementor Website Builder 1.1.1
Elementor Website Builder 1.1.2
Elementor Website Builder 1.1.3
Elementor Website Builder 1.1.4
Elementor Website Builder 1.1.5
Elementor Website Builder 1.1.6
Elementor Website Builder 1.1.7
Elementor Website Builder 1.2.0
Elementor Website Builder 1.2.1
Elementor Website Builder 1.2.2
Elementor Website Builder 1.2.3
Elementor Website Builder 1.2.4
Elementor Website Builder 1.3.0
Elementor Website Builder 1.3.1
Elementor Website Builder 1.3.2
Elementor Website Builder 1.3.3
Elementor Website Builder 1.3.4
Elementor Website Builder 1.3.5
Elementor Website Builder 1.4.0
Elementor Website Builder 1.4.0-RC1
Elementor Website Builder 1.4.0-RC2
Elementor Website Builder 1.4.0-RC3
Elementor Website Builder 1.4.1
Elementor Website Builder 1.4.2
Elementor Website Builder 1.4.3
Elementor Website Builder 1.4.4
Elementor Website Builder 1.4.5
Elementor Website Builder 1.4.6
Elementor Website Builder 1.4.7
Elementor Website Builder 1.4.8
Elementor Website Builder 1.4.9
Elementor Website Builder 1.4.10
Elementor Website Builder 1.5.0
Elementor Website Builder 1.5.0-RC1
Elementor Website Builder 1.5.0-RC2
Elementor Website Builder 1.5.0-RC3
Elementor Website Builder 1.5.1
Elementor Website Builder 1.5.2
Elementor Website Builder 1.5.3
Elementor Website Builder 1.5.4
Elementor Website Builder 1.5.5
Elementor Website Builder 1.6.0
Elementor Website Builder 1.6.0-RC1
Elementor Website Builder 1.6.0-RC2
Elementor Website Builder 1.6.0-RC3
Elementor Website Builder 1.6.0-RC4
Elementor Website Builder 1.6.1
Elementor Website Builder 1.6.2
Elementor Website Builder 1.6.3
Elementor Website Builder 1.6.4
Elementor Website Builder 1.6.5
Elementor Website Builder 1.7.0
Elementor Website Builder 1.7.0-RC1
Elementor Website Builder 1.7.0-RC2
Elementor Website Builder 1.7.0-RC3
Elementor Website Builder 1.7.1
Elementor Website Builder 1.7.2
Elementor Website Builder 1.7.3
Elementor Website Builder 1.7.4
Elementor Website Builder 1.7.5
Elementor Website Builder 1.7.6
Elementor Website Builder 1.7.7
Elementor Website Builder 1.7.8
Elementor Website Builder 1.7.9
Elementor Website Builder 1.7.10
Elementor Website Builder 1.7.11
Elementor Website Builder 1.7.12
Elementor Website Builder 1.8.0
Elementor Website Builder 1.8.0-RC1
Elementor Website Builder 1.8.0-RC2
Elementor Website Builder 1.8.0-RC3
Elementor Website Builder 1.8.1
Elementor Website Builder 1.8.2
Elementor Website Builder 1.8.3
Elementor Website Builder 1.8.4
Elementor Website Builder 1.8.5
Elementor Website Builder 1.8.6
Elementor Website Builder 1.8.7
Elementor Website Builder 1.8.8
Elementor Website Builder 1.8.9
Elementor Website Builder 1.8.10
Elementor Website Builder 1.8.11
Elementor Website Builder 1.8.12
Elementor Website Builder 1.9.0
Elementor Website Builder 1.9.0-RC1
Elementor Website Builder 1.9.0-RC2
Elementor Website Builder 1.9.0-RC3
Elementor Website Builder 1.9.1
Elementor Website Builder 1.9.2
Elementor Website Builder 1.9.3
Elementor Website Builder 1.9.4
Elementor Website Builder 1.9.5
Elementor Website Builder 1.9.6
Elementor Website Builder 1.9.7
Elementor Website Builder 1.9.8
Elementor Website Builder 2.0.0
Elementor Website Builder 2.0.0-beta1
Elementor Website Builder 2.0.0-beta2
Elementor Website Builder 2.0.0-beta3
Elementor Website Builder 2.0.0-beta4
Elementor Website Builder 2.0.1
Elementor Website Builder 2.0.2
Elementor Website Builder 2.0.3
Elementor Website Builder 2.0.4
Elementor Website Builder 2.0.5
Elementor Website Builder 2.0.6
Elementor Website Builder 2.0.7
Elementor Website Builder 2.0.8
Elementor Website Builder 2.0.9
Elementor Website Builder 2.0.10
Elementor Website Builder 2.0.11
Elementor Website Builder 2.0.12
Elementor Website Builder 2.0.13
Elementor Website Builder 2.0.14
Elementor Website Builder 2.0.15
Elementor Website Builder 2.0.16
Elementor Website Builder 2.1.0
Elementor Website Builder 2.1.0-beta1
Elementor Website Builder 2.1.0-beta2
Elementor Website Builder 2.1.0-beta3
Elementor Website Builder 2.1.1
Elementor Website Builder 2.1.2
Elementor Website Builder 2.1.3
Elementor Website Builder 2.1.4
Elementor Website Builder 2.1.5
Elementor Website Builder 2.1.6
Elementor Website Builder 2.1.7
Elementor Website Builder 2.1.8
Elementor Website Builder 2.2.0
Elementor Website Builder 2.2.0-beta1
Elementor Website Builder 2.2.0-beta2
Elementor Website Builder 2.2.0-beta3
Elementor Website Builder 2.2.1
Elementor Website Builder 2.2.2
Elementor Website Builder 2.2.3
Elementor Website Builder 2.2.4
Elementor Website Builder 2.2.5
Elementor Website Builder 2.2.6
Elementor Website Builder 2.2.7
Elementor Website Builder 2.3.0
Elementor Website Builder 2.3.0-beta1
Elementor Website Builder 2.3.0-beta2
Elementor Website Builder 2.3.0-beta3
Elementor Website Builder 2.3.0-beta4
Elementor Website Builder 2.3.0-beta5
Elementor Website Builder 2.3.1
Elementor Website Builder 2.3.2
Elementor Website Builder 2.3.3
Elementor Website Builder 2.3.4
Elementor Website Builder 2.3.5
Elementor Website Builder 2.3.6
Elementor Website Builder 2.3.7
Elementor Website Builder 2.3.8
Elementor Website Builder 2.4.0
Elementor Website Builder 2.4.0-beta1
Elementor Website Builder 2.4.0-beta2
Elementor Website Builder 2.4.0-beta3
Elementor Website Builder 2.4.0-beta4
Elementor Website Builder 2.4.1
Elementor Website Builder 2.4.2
Elementor Website Builder 2.4.3
Elementor Website Builder 2.4.4
Elementor Website Builder 2.4.5
Elementor Website Builder 2.4.6
Elementor Website Builder 2.4.7
Elementor Website Builder 2.5.0
Elementor Website Builder 2.5.0-beta1
Elementor Website Builder 2.5.0-beta2
Elementor Website Builder 2.5.0-beta3
Elementor Website Builder 2.5.0-beta4
Elementor Website Builder 2.5.1
Elementor Website Builder 2.5.2
Elementor Website Builder 2.5.3
Elementor Website Builder 2.5.4
Elementor Website Builder 2.5.5
Elementor Website Builder 2.5.6
Elementor Website Builder 2.5.7
Elementor Website Builder 2.5.8
Elementor Website Builder 2.5.9
Elementor Website Builder 2.5.10
Elementor Website Builder 2.5.11
Elementor Website Builder 2.5.12
Elementor Website Builder 2.5.13
Elementor Website Builder 2.5.14
Elementor Website Builder 2.5.15
Elementor Website Builder 2.5.16
Elementor Website Builder 2.6.0
Elementor Website Builder 2.6.0-beta1
Elementor Website Builder 2.6.0-beta2
Elementor Website Builder 2.6.0-beta3
Elementor Website Builder 2.6.1
Elementor Website Builder 2.6.2
Elementor Website Builder 2.6.3
Elementor Website Builder 2.6.4
Elementor Website Builder 2.6.5
Elementor Website Builder 2.6.6
Elementor Website Builder 2.6.7
Elementor Website Builder 2.6.8
Elementor Website Builder 2.7.0
Elementor Website Builder 2.7.0-beta1
Elementor Website Builder 2.7.0-beta2
Elementor Website Builder 2.7.0-beta3
Elementor Website Builder 2.7.0-beta4
Elementor Website Builder 2.7.1
Elementor Website Builder 2.7.2
Elementor Website Builder 2.7.3
Elementor Website Builder 2.7.4
Elementor Website Builder 2.7.5
Elementor Website Builder 2.7.6
Elementor Website Builder 2.8.0
Elementor Website Builder 2.8.0-beta1
Elementor Website Builder 2.8.0-beta2
Elementor Website Builder 2.8.0-beta3
Elementor Website Builder 2.8.0-beta4
Elementor Website Builder 2.8.1
Elementor Website Builder 2.8.2
Elementor Website Builder 2.8.3
Elementor Website Builder 2.8.4
Elementor Website Builder 2.8.5
Elementor Website Builder 2.9.0
Elementor Website Builder 2.9.0-beta1
Elementor Website Builder 2.9.0-beta2
Elementor Website Builder 2.9.0-beta3
Elementor Website Builder 2.9.0-beta4
Elementor Website Builder 2.9.0-beta5
Elementor Website Builder 2.9.1
Elementor Website Builder 2.9.2
Elementor Website Builder 2.9.3
Elementor Website Builder 2.9.4
Elementor Website Builder 2.9.5
Elementor Website Builder 2.9.6
Elementor Website Builder 2.9.7
Elementor Website Builder 2.9.8
Elementor Website Builder 2.9.9
Elementor Website Builder 2.9.10
Elementor Website Builder 2.9.11
Elementor Website Builder 2.9.12
Elementor Website Builder 2.9.13
Elementor Website Builder 2.9.14
Elementor Website Builder 3.0.0
Elementor Website Builder 3.0.0-beta1
Elementor Website Builder 3.0.0-beta2
Elementor Website Builder 3.0.0-beta3
Elementor Website Builder 3.0.0-beta4
Elementor Website Builder 3.0.0-beta5
Elementor Website Builder 3.0.0-beta6
Elementor Website Builder 3.0.1
Elementor Website Builder 3.0.2
Elementor Website Builder 3.0.3
Elementor Website Builder 3.0.4
Elementor Website Builder 3.0.5
Elementor Website Builder 3.0.6
Elementor Website Builder 3.0.7
Elementor Website Builder 3.0.8
Elementor Website Builder 3.0.8.1
Elementor Website Builder 3.0.9
Elementor Website Builder 3.0.10
Elementor Website Builder 3.0.11
Elementor Website Builder 3.0.12
Elementor Website Builder 3.0.13
Elementor Website Builder 3.0.14
Elementor Website Builder 3.0.15
Elementor Website Builder 3.0.16
Elementor Website Builder 3.1.0
Elementor Website Builder 3.1.0-beta1
Elementor Website Builder 3.1.0-beta2
Elementor Website Builder 3.1.0-beta3
Elementor Website Builder 3.1.0-beta4
Elementor Website Builder 3.1.0-dev1
Elementor Website Builder 3.1.0-dev2
Elementor Website Builder 3.1.0-dev3
Elementor Website Builder 3.1.0-dev4
Elementor Website Builder 3.1.1
Elementor Website Builder 3.1.2
Elementor Website Builder 3.1.3
Elementor Website Builder 3.1.4
Elementor Website Builder 3.2.0
Elementor Website Builder 3.2.0-beta1
Elementor Website Builder 3.2.0-beta2
Elementor Website Builder 3.2.0-beta3
Elementor Website Builder 3.2.0-beta4
Elementor Website Builder 3.2.0-dev1
Elementor Website Builder 3.2.0-dev2
Elementor Website Builder 3.2.0-dev3
Elementor Website Builder 3.2.0-dev4
Elementor Website Builder 3.2.0-dev5
Elementor Website Builder 3.2.0-dev6
Elementor Website Builder 3.2.0-dev7
Elementor Website Builder 3.2.0-dev8
Elementor Website Builder 3.2.1
Elementor Website Builder 3.2.2
Elementor Website Builder 3.2.3
Elementor Website Builder 3.2.4
Elementor Website Builder 3.2.5
Elementor Website Builder 3.3.0
Elementor Website Builder 3.3.0-beta1
Elementor Website Builder 3.3.0-beta2
Elementor Website Builder 3.3.0-beta3
Elementor Website Builder 3.3.0-beta4
Elementor Website Builder 3.3.0-beta5
Elementor Website Builder 3.3.0-dev1
Elementor Website Builder 3.3.0-dev2
Elementor Website Builder 3.3.0-dev3
Elementor Website Builder 3.3.0-dev4
Elementor Website Builder 3.3.0-dev5
Elementor Website Builder 3.3.0-dev6
Elementor Website Builder 3.3.0-dev7
Elementor Website Builder 3.3.0-dev8
Elementor Website Builder 3.3.0-dev9
Elementor Website Builder 3.3.0-dev10
Elementor Website Builder 3.3.0-dev11
Elementor Website Builder 3.3.0-dev12
Elementor Website Builder 3.3.0-dev13
Elementor Website Builder 3.3.0-dev14
Elementor Website Builder 3.3.0-dev15
Elementor Website Builder 3.3.1
Elementor Website Builder 3.4.0
Elementor Website Builder 3.4.0-beta1
Elementor Website Builder 3.4.0-beta2
Elementor Website Builder 3.4.0-beta3
Elementor Website Builder 3.4.0-beta4
Elementor Website Builder 3.4.0-beta5
Elementor Website Builder 3.4.0-dev1
Elementor Website Builder 3.4.0-dev2
Elementor Website Builder 3.4.0-dev3
Elementor Website Builder 3.4.0-dev4
Elementor Website Builder 3.4.0-dev5
Elementor Website Builder 3.4.0-dev6
Elementor Website Builder 3.4.0-dev7
Elementor Website Builder 3.4.0-dev8
Elementor Website Builder 3.4.0-dev9
Elementor Website Builder 3.4.0-dev10
Elementor Website Builder 3.4.0-dev11
Elementor Website Builder 3.4.0-dev12
Elementor Website Builder 3.4.0-dev13
Elementor Website Builder 3.4.1
Elementor Website Builder 3.4.2
Elementor Website Builder 3.4.3
Elementor Website Builder 3.4.4
Elementor Website Builder 3.4.5
Elementor Website Builder 3.4.6
Elementor Website Builder 3.4.7
Elementor Website Builder 3.4.8
Elementor Website Builder 3.5.0
Elementor Website Builder 3.5.0-beta1
Elementor Website Builder 3.5.0-beta2
Elementor Website Builder 3.5.0-beta3
Elementor Website Builder 3.5.0-beta4
Elementor Website Builder 3.5.0-beta5
Elementor Website Builder 3.5.0-beta7
Elementor Website Builder 3.5.0-beta8
Elementor Website Builder 3.5.0-dev1
Elementor Website Builder 3.5.0-dev2
Elementor Website Builder 3.5.0-dev3
Elementor Website Builder 3.5.0-dev4
Elementor Website Builder 3.5.0-dev5
Elementor Website Builder 3.5.0-dev6
Elementor Website Builder 3.5.0-dev7
Elementor Website Builder 3.5.0-dev8
Elementor Website Builder 3.5.0-dev9
Elementor Website Builder 3.5.0-dev10
Elementor Website Builder 3.5.0-dev11
Elementor Website Builder 3.5.0-dev12
Elementor Website Builder 3.5.0-dev13
Elementor Website Builder 3.5.0-dev14
Elementor Website Builder 3.5.0-dev15
Elementor Website Builder 3.5.0-dev16
Elementor Website Builder 3.5.0-dev17
Elementor Website Builder 3.5.0-dev18
Elementor Website Builder 3.5.0-dev19
Elementor Website Builder 3.5.0-dev20
Elementor Website Builder 3.5.0-dev21
Elementor Website Builder 3.5.0-dev22
Elementor Website Builder 3.5.0-dev23
Elementor Website Builder 3.5.0-dev24
Elementor Website Builder 3.5.0-dev25
Elementor Website Builder 3.5.0-dev26
Elementor Website Builder 3.5.0-dev27
Elementor Website Builder 3.5.0-dev28
Elementor Website Builder 3.5.0-dev29
Elementor Website Builder 3.5.0-dev30
Elementor Website Builder 3.5.0-dev31
Elementor Website Builder 3.5.0-dev32
Elementor Website Builder 3.5.0-dev33
Elementor Website Builder 3.5.0-dev34
Elementor Website Builder 3.5.0-dev35
Elementor Website Builder 3.5.0-dev36
Elementor Website Builder 3.5.0-dev37
Elementor Website Builder 3.5.0-dev38
Elementor Website Builder 3.5.0-dev39
Elementor Website Builder 3.5.0-dev40
Elementor Website Builder 3.5.0-dev41
Elementor Website Builder 3.5.0-dev42
Elementor Website Builder 3.5.0-dev43
Elementor Website Builder 3.5.0-dev44
Elementor Website Builder 3.5.0-dev45
Elementor Website Builder 3.5.0-dev46
Elementor Website Builder 3.5.0-dev47
Elementor Website Builder 3.5.0-dev48
Elementor Website Builder 3.5.0-dev49
Elementor Website Builder 3.5.0-dev50
Elementor Website Builder 3.5.0-dev51
Elementor Website Builder 3.5.1
Elementor Website Builder 3.5.2
Elementor Website Builder 3.5.3
Elementor Website Builder 3.5.4
Elementor Website Builder 3.5.5
Elementor Website Builder 3.5.6
Elementor Website Builder 3.6.0
Elementor Website Builder 3.6.0-beta1
Elementor Website Builder 3.6.0-beta2
Elementor Website Builder 3.6.0-beta3
Elementor Website Builder 3.6.0-beta4
Elementor Website Builder 3.6.0-beta5
Elementor Website Builder 3.6.0-dev1
Elementor Website Builder 3.6.0-dev2
Elementor Website Builder 3.6.0-dev3
Elementor Website Builder 3.6.0-dev4
Elementor Website Builder 3.6.0-dev5
Elementor Website Builder 3.6.0-dev6
Elementor Website Builder 3.6.0-dev7
Elementor Website Builder 3.6.0-dev8
Elementor Website Builder 3.6.0-dev9
Elementor Website Builder 3.6.0-dev10
Elementor Website Builder 3.6.0-dev11
Elementor Website Builder 3.6.0-dev13
Elementor Website Builder 3.6.0-dev14
Elementor Website Builder 3.6.0-dev16
Elementor Website Builder 3.6.0-dev17
Elementor Website Builder 3.6.0-dev18
Elementor Website Builder 3.6.0-dev19
Elementor Website Builder 3.6.0-dev20
Elementor Website Builder 3.6.0-dev21
Elementor Website Builder 3.6.0-dev22
Elementor Website Builder 3.6.0-dev24
Elementor Website Builder 3.6.0-dev25
Elementor Website Builder 3.6.0-dev26
Elementor Website Builder 3.6.0-dev27
Elementor Website Builder 3.6.0-dev28
Elementor Website Builder 3.6.0-dev29
Elementor Website Builder 3.6.0-dev30
Elementor Website Builder 3.6.0-dev31
Elementor Website Builder 3.6.0-dev32
Elementor Website Builder 3.6.0-dev33
Elementor Website Builder 3.6.0-dev34
Elementor Website Builder 3.6.0-dev35
Elementor Website Builder 3.6.0-dev36
Elementor Website Builder 3.6.0-dev37
Elementor Website Builder 3.6.0-dev38
Elementor Website Builder 3.6.0-dev39
Elementor Website Builder 3.6.0-dev40
Elementor Website Builder 3.6.0-dev41
Elementor Website Builder 3.6.0-dev42
Elementor Website Builder 3.6.0-dev43
Elementor Website Builder 3.6.0-dev44
Elementor Website Builder 3.6.0-dev45
Elementor Website Builder 3.6.1
Elementor Website Builder 3.6.2
Elementor Website Builder 3.6.3
Elementor Website Builder 3.6.4
Elementor Website Builder 3.6.5
Elementor Website Builder 3.6.6
Elementor Website Builder 3.6.7
Elementor Website Builder 3.6.8
Elementor Website Builder 3.7.0
Elementor Website Builder 3.7.0-beta1
Elementor Website Builder 3.7.0-beta2
Elementor Website Builder 3.7.0-beta3
Elementor Website Builder 3.7.0-beta4
Elementor Website Builder 3.7.0-dev1
Elementor Website Builder 3.7.0-dev2
Elementor Website Builder 3.7.0-dev3
Elementor Website Builder 3.7.0-dev4
Elementor Website Builder 3.7.0-dev5
Elementor Website Builder 3.7.0-dev6
Elementor Website Builder 3.7.0-dev7
Elementor Website Builder 3.7.0-dev8
Elementor Website Builder 3.7.0-dev9
Elementor Website Builder 3.7.0-dev10
Elementor Website Builder 3.7.1
Elementor Website Builder 3.7.2
Elementor Website Builder 3.7.3
Elementor Website Builder 3.7.4
Elementor Website Builder 3.7.5
Elementor Website Builder 3.7.6
Elementor Website Builder 3.7.7
Elementor Website Builder 3.7.8
Elementor Website Builder 3.8.0
Elementor Website Builder 3.8.0-beta1
Elementor Website Builder 3.8.0-beta2
Elementor Website Builder 3.8.0-beta3
Elementor Website Builder 3.8.0-beta4
Elementor Website Builder 3.8.0-beta5
Elementor Website Builder 3.8.0-beta6
Elementor Website Builder 3.8.0-dev1
Elementor Website Builder 3.8.0-dev2
Elementor Website Builder 3.8.0-dev3
Elementor Website Builder 3.8.0-dev4
Elementor Website Builder 3.8.1
Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev1
Elementor Website Builder 3.9.0-dev2
Elementor Website Builder 3.9.0-dev3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5
Elementor Website Builder 3.24.6
Elementor Website Builder 3.24.7
Elementor Website Builder 3.24.8
Elementor Website Builder 3.25.0
Elementor Website Builder 3.25.0-beta1
Elementor Website Builder 3.25.0-beta2
Elementor Website Builder 3.25.0-beta3
Elementor Website Builder 3.25.0-dev1
Elementor Website Builder 3.25.0-dev2
Elementor Website Builder 3.25.0-dev3
Elementor Website Builder 3.25.1
Elementor Website Builder 3.25.2
Elementor Website Builder 3.25.3
Elementor Website Builder 3.25.4
Elementor Website Builder 3.25.5
Elementor Website Builder 3.25.6
Elementor Website Builder 3.25.7
Elementor Website Builder 3.25.8
Elementor Website Builder 3.25.9
Elementor Website Builder 3.25.10

Cross-site scripting on SVG uploads and attachments.

Skrevet den 4. marts 2025 af i SVG Support

Improved sanitization of SVG uploads and attachments enhances security by filtering out potentially harmful code while prevent vulnerabilities like XSS while ensuring safe handling of SVG files.

This vulnerability affects the following application versions:

SVG Support 2.3
SVG Support 2.3.1
SVG Support 2.3.2
SVG Support 2.3.3
SVG Support 2.3.4
SVG Support 2.3.5
SVG Support 2.3.6
SVG Support 2.3.7
SVG Support 2.3.8
SVG Support 2.3.9
SVG Support 2.3.10
SVG Support 2.3.11
SVG Support 2.3.12
SVG Support 2.3.13
SVG Support 2.3.14
SVG Support 2.3.15
SVG Support 2.3.16
SVG Support 2.3.17
SVG Support 2.3.18
SVG Support 2.3.19
SVG Support 2.3.20
SVG Support 2.3.21
SVG Support 2.4
SVG Support 2.4.1
SVG Support 2.4.2
SVG Support 2.5
SVG Support 2.5.1
SVG Support 2.5.2
SVG Support 2.5.3
SVG Support 2.5.4
SVG Support 2.5.5
SVG Support 2.5.6
SVG Support 2.5.7

XSS in the admin settings

Skrevet den 4. marts 202518. oktober 2025 af i SVG Support

The output in the admin settings page is not properly escaped and may lead to an XSS attack.

This vulnerability affects the following application versions:

SVG Support 2.4
SVG Support 2.4.1
SVG Support 2.4.2
SVG Support 2.5
SVG Support 2.5.1
SVG Support 2.5.2
SVG Support 2.5.3
SVG Support 2.5.4
SVG Support 2.5.5
SVG Support 2.5.6
SVG Support 2.5.7

Reused Nonce in AJAX Requests Leading to CSRF or Privilege Escalation

Skrevet den 28. februar 202518. oktober 2025 af i Limit Login Attempts Reloaded

Same nonce is used across multiple AJAX actions, potentially allowing an attacker to reuse it to perform unauthorized actions on behalf of a user.

This vulnerability affects the following application versions:

Limit Login Attempts Reloaded 2.16.0
Limit Login Attempts Reloaded 2.17.0
Limit Login Attempts Reloaded 2.17.1
Limit Login Attempts Reloaded 2.17.2
Limit Login Attempts Reloaded 2.17.3
Limit Login Attempts Reloaded 2.17.4
Limit Login Attempts Reloaded 2.18.0
Limit Login Attempts Reloaded 2.19.0
Limit Login Attempts Reloaded 2.19.1
Limit Login Attempts Reloaded 2.19.2
Limit Login Attempts Reloaded 2.20.0
Limit Login Attempts Reloaded 2.20.1
Limit Login Attempts Reloaded 2.20.2
Limit Login Attempts Reloaded 2.20.3
Limit Login Attempts Reloaded 2.20.4
Limit Login Attempts Reloaded 2.20.5
Limit Login Attempts Reloaded 2.20.6
Limit Login Attempts Reloaded 2.21.0
Limit Login Attempts Reloaded 2.21.1
Limit Login Attempts Reloaded 2.22.0
Limit Login Attempts Reloaded 2.22.1
Limit Login Attempts Reloaded 2.23.0
Limit Login Attempts Reloaded 2.23.1
Limit Login Attempts Reloaded 2.23.2
Limit Login Attempts Reloaded 2.24.0
Limit Login Attempts Reloaded 2.24.1
Limit Login Attempts Reloaded 2.25.0
Limit Login Attempts Reloaded 2.25.1
Limit Login Attempts Reloaded 2.25.2
Limit Login Attempts Reloaded 2.25.3
Limit Login Attempts Reloaded 2.25.4
Limit Login Attempts Reloaded 2.25.5
Limit Login Attempts Reloaded 2.25.6
Limit Login Attempts Reloaded 2.25.7
Limit Login Attempts Reloaded 2.25.8
Limit Login Attempts Reloaded 2.25.9
Limit Login Attempts Reloaded 2.25.10
Limit Login Attempts Reloaded 2.25.11
Limit Login Attempts Reloaded 2.25.12
Limit Login Attempts Reloaded 2.25.13
Limit Login Attempts Reloaded 2.25.14
Limit Login Attempts Reloaded 2.25.15
Limit Login Attempts Reloaded 2.25.16
Limit Login Attempts Reloaded 2.25.17
Limit Login Attempts Reloaded 2.25.18
Limit Login Attempts Reloaded 2.25.19
Limit Login Attempts Reloaded 2.25.20
Limit Login Attempts Reloaded 2.25.21
Limit Login Attempts Reloaded 2.25.22
Limit Login Attempts Reloaded 2.25.23
Limit Login Attempts Reloaded 2.25.24
Limit Login Attempts Reloaded 2.25.25

Advanced permission checks in svg support

Skrevet den 27. februar 2025 af i SVG Support

Some parts are not doing enough checks to see if user can upload files to prevent incorrent permission and possible attacks

This vulnerability affects the following application versions:

SVG Support 2.5.2
SVG Support 2.5.3
SVG Support 2.5.4
SVG Support 2.5.5

Drupal – Critical – Cross site scripting – SA-CORE-2025-001

Skrevet den 21. februar 2025 af i Drupal

Drupal core doesn’t sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability (XSS).

Security risk: Critical 17 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Proof/TD:All

This vulnerability affects the following application versions:

Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2

Drupal – Moderately critical – Gadget Chain – SA-CORE-2025-003

Skrevet den 21. februar 202513. juni 2025 af i Drupal

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Arbitrary File Inclusion. Techniques exist to escalate this attack to Remote Code Execution. It is not directly exploitable.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2

Drupal – Moderately critical – Access bypass – SA-CORE-2025-002

Skrevet den 21. februar 2025 af i Drupal

Bulk operations allow authorized users to modify several nodes at once from the Content page (/admin/content). A site builder can also add bulk operations to other pages using Views.

Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default

This vulnerability affects the following application versions:

Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.2.11
Drupal 10.2.12
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 10.3.9
Drupal 10.3.10
Drupal 10.3.11
Drupal 10.3.12
Drupal 10.4.0
Drupal 10.4.1
Drupal 10.4.2
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7
Drupal 11.0.8
Drupal 11.0.9
Drupal 11.0.10
Drupal 11.0.11
Drupal 11.1.0
Drupal 11.1.1
Drupal 11.1.2

[20250201] – SQL injection vulnerability in Scheduled Tasks component

Skrevet den 20. februar 2025 af i Joomla

Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler

CVE Number: CVE-2025-22207

This vulnerability affects the following application versions:

Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 4.4.10
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2
Joomla 5.2.3

Xss vectors in different sections

Skrevet den 18. februar 202518. oktober 2025 af i Spectra – WordPress Gutenberg Blocks

An invalid sanitation and validation leads to an XSS attack in the frontend js and url attributes.

This vulnerability affects the following application versions:

Spectra – WordPress Gutenberg Blocks 2.3.2
Spectra – WordPress Gutenberg Blocks 2.3.3
Spectra – WordPress Gutenberg Blocks 2.3.4
Spectra – WordPress Gutenberg Blocks 2.3.5
Spectra – WordPress Gutenberg Blocks 2.4.0
Spectra – WordPress Gutenberg Blocks 2.4.1
Spectra – WordPress Gutenberg Blocks 2.4.2
Spectra – WordPress Gutenberg Blocks 2.5.0
Spectra – WordPress Gutenberg Blocks 2.5.1
Spectra – WordPress Gutenberg Blocks 2.6.0
Spectra – WordPress Gutenberg Blocks 2.6.1
Spectra – WordPress Gutenberg Blocks 2.6.2
Spectra – WordPress Gutenberg Blocks 2.6.3
Spectra – WordPress Gutenberg Blocks 2.6.4
Spectra – WordPress Gutenberg Blocks 2.6.5
Spectra – WordPress Gutenberg Blocks 2.6.6
Spectra – WordPress Gutenberg Blocks 2.6.7
Spectra – WordPress Gutenberg Blocks 2.6.8
Spectra – WordPress Gutenberg Blocks 2.6.9
Spectra – WordPress Gutenberg Blocks 2.7.0
Spectra – WordPress Gutenberg Blocks 2.7.1
Spectra – WordPress Gutenberg Blocks 2.7.2
Spectra – WordPress Gutenberg Blocks 2.7.3
Spectra – WordPress Gutenberg Blocks 2.7.4
Spectra – WordPress Gutenberg Blocks 2.7.5
Spectra – WordPress Gutenberg Blocks 2.7.6
Spectra – WordPress Gutenberg Blocks 2.7.7
Spectra – WordPress Gutenberg Blocks 2.7.8
Spectra – WordPress Gutenberg Blocks 2.7.9
Spectra – WordPress Gutenberg Blocks 2.7.10
Spectra – WordPress Gutenberg Blocks 2.7.11
Spectra – WordPress Gutenberg Blocks 2.8.0
Spectra – WordPress Gutenberg Blocks 2.9.0
Spectra – WordPress Gutenberg Blocks 2.9.1
Spectra – WordPress Gutenberg Blocks 2.10.0
Spectra – WordPress Gutenberg Blocks 2.10.1
Spectra – WordPress Gutenberg Blocks 2.10.2
Spectra – WordPress Gutenberg Blocks 2.10.3
Spectra – WordPress Gutenberg Blocks 2.10.4
Spectra – WordPress Gutenberg Blocks 2.10.5
Spectra – WordPress Gutenberg Blocks 2.11.0
Spectra – WordPress Gutenberg Blocks 2.11.1
Spectra – WordPress Gutenberg Blocks 2.11.2
Spectra – WordPress Gutenberg Blocks 2.11.3
Spectra – WordPress Gutenberg Blocks 2.11.4
Spectra – WordPress Gutenberg Blocks 2.12.0
Spectra – WordPress Gutenberg Blocks 2.12.1
Spectra – WordPress Gutenberg Blocks 2.12.2
Spectra – WordPress Gutenberg Blocks 2.12.3
Spectra – WordPress Gutenberg Blocks 2.12.4
Spectra – WordPress Gutenberg Blocks 2.12.5
Spectra – WordPress Gutenberg Blocks 2.12.6
Spectra – WordPress Gutenberg Blocks 2.12.7
Spectra – WordPress Gutenberg Blocks 2.12.8
Spectra – WordPress Gutenberg Blocks 2.12.9
Spectra – WordPress Gutenberg Blocks 2.13.0
Spectra – WordPress Gutenberg Blocks 2.13.1
Spectra – WordPress Gutenberg Blocks 2.13.2
Spectra – WordPress Gutenberg Blocks 2.13.3
Spectra – WordPress Gutenberg Blocks 2.13.4
Spectra – WordPress Gutenberg Blocks 2.13.5
Spectra – WordPress Gutenberg Blocks 2.13.6
Spectra – WordPress Gutenberg Blocks 2.13.7
Spectra – WordPress Gutenberg Blocks 2.13.8
Spectra – WordPress Gutenberg Blocks 2.13.9
Spectra – WordPress Gutenberg Blocks 2.14.0
Spectra – WordPress Gutenberg Blocks 2.14.1
Spectra – WordPress Gutenberg Blocks 2.15.0
Spectra – WordPress Gutenberg Blocks 2.15.1
Spectra – WordPress Gutenberg Blocks 2.15.2
Spectra – WordPress Gutenberg Blocks 2.15.3
Spectra – WordPress Gutenberg Blocks 2.16.0
Spectra – WordPress Gutenberg Blocks 2.16.1
Spectra – WordPress Gutenberg Blocks 2.16.2
Spectra – WordPress Gutenberg Blocks 2.16.3
Spectra – WordPress Gutenberg Blocks 2.16.4

Stored Cross-Site Scripting via SVG File Upload

Skrevet den 18. februar 202518. oktober 2025 af i Ultimate Addons for Elementor

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. CVE-2024-10325

This vulnerability affects the following application versions:

Ultimate Addons for Elementor 1.6.0
Ultimate Addons for Elementor 1.6.1
Ultimate Addons for Elementor 1.6.2
Ultimate Addons for Elementor 1.6.3
Ultimate Addons for Elementor 1.6.4
Ultimate Addons for Elementor 1.6.5
Ultimate Addons for Elementor 1.6.6
Ultimate Addons for Elementor 1.6.7
Ultimate Addons for Elementor 1.6.8
Ultimate Addons for Elementor 1.6.9
Ultimate Addons for Elementor 1.6.10
Ultimate Addons for Elementor 1.6.11
Ultimate Addons for Elementor 1.6.12
Ultimate Addons for Elementor 1.6.13
Ultimate Addons for Elementor 1.6.14
Ultimate Addons for Elementor 1.6.15
Ultimate Addons for Elementor 1.6.16
Ultimate Addons for Elementor 1.6.17
Ultimate Addons for Elementor 1.6.18
Ultimate Addons for Elementor 1.6.19
Ultimate Addons for Elementor 1.6.20
Ultimate Addons for Elementor 1.6.21
Ultimate Addons for Elementor 1.6.22
Ultimate Addons for Elementor 1.6.23
Ultimate Addons for Elementor 1.6.24
Ultimate Addons for Elementor 1.6.25
Ultimate Addons for Elementor 1.6.26
Ultimate Addons for Elementor 1.6.27
Ultimate Addons for Elementor 1.6.28
Ultimate Addons for Elementor 1.6.29
Ultimate Addons for Elementor 1.6.30
Ultimate Addons for Elementor 1.6.31
Ultimate Addons for Elementor 1.6.32
Ultimate Addons for Elementor 1.6.33
Ultimate Addons for Elementor 1.6.34
Ultimate Addons for Elementor 1.6.35
Ultimate Addons for Elementor 1.6.36
Ultimate Addons for Elementor 1.6.37
Ultimate Addons for Elementor 1.6.38
Ultimate Addons for Elementor 1.6.39
Ultimate Addons for Elementor 1.6.40
Ultimate Addons for Elementor 1.6.41
Ultimate Addons for Elementor 1.6.42
Ultimate Addons for Elementor 1.6.43
Ultimate Addons for Elementor 1.6.44
Ultimate Addons for Elementor 1.6.45

Incorrect permission allows to access ACF shortcodes from private posts

Skrevet den 11. februar 202518. oktober 2025 af i Advanced Custom Fields (ACF)

The ACF shortcode now prevents access to fields from different private posts by default

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 5.7.3
Advanced Custom Fields (ACF) 5.7.4
Advanced Custom Fields (ACF) 5.7.5
Advanced Custom Fields (ACF) 5.7.6
Advanced Custom Fields (ACF) 5.7.7
Advanced Custom Fields (ACF) 5.7.8
Advanced Custom Fields (ACF) 5.7.9
Advanced Custom Fields (ACF) 5.7.10
Advanced Custom Fields (ACF) 5.7.12
Advanced Custom Fields (ACF) 5.7.13
Advanced Custom Fields (ACF) 5.8.0
Advanced Custom Fields (ACF) 5.8.1
Advanced Custom Fields (ACF) 5.8.2
Advanced Custom Fields (ACF) 5.8.3
Advanced Custom Fields (ACF) 5.8.4
Advanced Custom Fields (ACF) 5.8.5
Advanced Custom Fields (ACF) 5.8.6
Advanced Custom Fields (ACF) 5.8.7
Advanced Custom Fields (ACF) 5.8.8
Advanced Custom Fields (ACF) 5.8.9
Advanced Custom Fields (ACF) 5.8.10
Advanced Custom Fields (ACF) 5.8.11
Advanced Custom Fields (ACF) 5.8.12
Advanced Custom Fields (ACF) 5.8.13
Advanced Custom Fields (ACF) 5.8.14
Advanced Custom Fields (ACF) 5.9.0
Advanced Custom Fields (ACF) 5.9.1
Advanced Custom Fields (ACF) 5.9.2
Advanced Custom Fields (ACF) 5.9.3
Advanced Custom Fields (ACF) 5.9.4
Advanced Custom Fields (ACF) 5.9.5
Advanced Custom Fields (ACF) 5.9.6
Advanced Custom Fields (ACF) 5.9.7
Advanced Custom Fields (ACF) 5.9.8
Advanced Custom Fields (ACF) 5.9.9
Advanced Custom Fields (ACF) 5.10
Advanced Custom Fields (ACF) 5.10.1
Advanced Custom Fields (ACF) 5.10.2
Advanced Custom Fields (ACF) 5.11
Advanced Custom Fields (ACF) 5.11.1
Advanced Custom Fields (ACF) 5.11.2
Advanced Custom Fields (ACF) 5.11.3
Advanced Custom Fields (ACF) 5.11.4
Advanced Custom Fields (ACF) 5.12
Advanced Custom Fields (ACF) 5.12.1
Advanced Custom Fields (ACF) 5.12.2
Advanced Custom Fields (ACF) 5.12.3
Advanced Custom Fields (ACF) 5.12.4
Advanced Custom Fields (ACF) 5.12.5
Advanced Custom Fields (ACF) 5.12.6
Advanced Custom Fields (ACF) 6.0.0
Advanced Custom Fields (ACF) 6.0.1
Advanced Custom Fields (ACF) 6.0.2
Advanced Custom Fields (ACF) 6.0.3
Advanced Custom Fields (ACF) 6.0.4
Advanced Custom Fields (ACF) 6.0.5
Advanced Custom Fields (ACF) 6.0.6
Advanced Custom Fields (ACF) 6.0.7
Advanced Custom Fields (ACF) 6.1.0
Advanced Custom Fields (ACF) 6.1.1
Advanced Custom Fields (ACF) 6.1.2
Advanced Custom Fields (ACF) 6.1.3
Advanced Custom Fields (ACF) 6.1.4
Advanced Custom Fields (ACF) 6.1.5
Advanced Custom Fields (ACF) 6.1.6
Advanced Custom Fields (ACF) 6.1.7
Advanced Custom Fields (ACF) 6.1.8
Advanced Custom Fields (ACF) 6.2.0
Advanced Custom Fields (ACF) 6.2.1
Advanced Custom Fields (ACF) 6.2.2
Advanced Custom Fields (ACF) 6.2.3
Advanced Custom Fields (ACF) 6.2.4
Advanced Custom Fields (ACF) 6.2.5
Advanced Custom Fields (ACF) 6.2.6
Advanced Custom Fields (ACF) 6.2.6.1
Advanced Custom Fields (ACF) 6.2.7
Advanced Custom Fields (ACF) 6.2.8
Advanced Custom Fields (ACF) 6.2.9
Advanced Custom Fields (ACF) 6.3.0
Advanced Custom Fields (ACF) 6.3.1
Advanced Custom Fields (ACF) 6.3.2
Advanced Custom Fields (ACF) 6.3.3

Incorrect permissions in header and footer

Skrevet den 11. februar 202518. oktober 2025 af i Ultimate Addons for Elementor

Added additional permission checks to prevent unauthorized users from viewing or editing content. If the current user does not have the edit_post capability for the specified post, the code checks the post status (draft, private, pending) or whether the post is password-protected. If any of these conditions are met, access is blocked and an empty string is returned. This ensures that users without the proper permissions cannot view or modify restricted or protected posts.

This vulnerability affects the following application versions:

Ultimate Addons for Elementor 1.1.0
Ultimate Addons for Elementor 1.1.1
Ultimate Addons for Elementor 1.1.2
Ultimate Addons for Elementor 1.2.0
Ultimate Addons for Elementor 1.2.1
Ultimate Addons for Elementor 1.2.2
Ultimate Addons for Elementor 1.3.0
Ultimate Addons for Elementor 1.3.1
Ultimate Addons for Elementor 1.4.0
Ultimate Addons for Elementor 1.4.1
Ultimate Addons for Elementor 1.5.0
Ultimate Addons for Elementor 1.5.1
Ultimate Addons for Elementor 1.5.2
Ultimate Addons for Elementor 1.5.3
Ultimate Addons for Elementor 1.5.4
Ultimate Addons for Elementor 1.5.5
Ultimate Addons for Elementor 1.5.6
Ultimate Addons for Elementor 1.5.7
Ultimate Addons for Elementor 1.5.8
Ultimate Addons for Elementor 1.5.9
Ultimate Addons for Elementor 1.6.0
Ultimate Addons for Elementor 1.6.1
Ultimate Addons for Elementor 1.6.2
Ultimate Addons for Elementor 1.6.3
Ultimate Addons for Elementor 1.6.4
Ultimate Addons for Elementor 1.6.5
Ultimate Addons for Elementor 1.6.6
Ultimate Addons for Elementor 1.6.7
Ultimate Addons for Elementor 1.6.8
Ultimate Addons for Elementor 1.6.9
Ultimate Addons for Elementor 1.6.10
Ultimate Addons for Elementor 1.6.11
Ultimate Addons for Elementor 1.6.12
Ultimate Addons for Elementor 1.6.13
Ultimate Addons for Elementor 1.6.14
Ultimate Addons for Elementor 1.6.15
Ultimate Addons for Elementor 1.6.16
Ultimate Addons for Elementor 1.6.17
Ultimate Addons for Elementor 1.6.18
Ultimate Addons for Elementor 1.6.19
Ultimate Addons for Elementor 1.6.20
Ultimate Addons for Elementor 1.6.21
Ultimate Addons for Elementor 1.6.22
Ultimate Addons for Elementor 1.6.23
Ultimate Addons for Elementor 1.6.24
Ultimate Addons for Elementor 1.6.25
Ultimate Addons for Elementor 1.6.26
Ultimate Addons for Elementor 1.6.27
Ultimate Addons for Elementor 1.6.28
Ultimate Addons for Elementor 1.6.29
Ultimate Addons for Elementor 1.6.30
Ultimate Addons for Elementor 1.6.31
Ultimate Addons for Elementor 1.6.32
Ultimate Addons for Elementor 1.6.33
Ultimate Addons for Elementor 1.6.34
Ultimate Addons for Elementor 1.6.35
Ultimate Addons for Elementor 1.6.36
Ultimate Addons for Elementor 1.6.37
Ultimate Addons for Elementor 1.6.38
Ultimate Addons for Elementor 1.6.39
Ultimate Addons for Elementor 1.6.40
Ultimate Addons for Elementor 1.6.41
Ultimate Addons for Elementor 1.6.42
Ultimate Addons for Elementor 1.6.43

Authenticated (Contributor+) Stored Cross-Site Scripting

Skrevet den 21. januar 202510. juni 2025 af i LiteSpeed Cache

Due to insufficient input sanitization and output escaping, authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which will execute whenever a user accesses an affected page.

This vulnerability affects the following application versions:

LiteSpeed Cache 3.6.4
LiteSpeed Cache 4.0
LiteSpeed Cache 4.1
LiteSpeed Cache 4.2
LiteSpeed Cache 4.3
LiteSpeed Cache 4.4
LiteSpeed Cache 4.4.1
LiteSpeed Cache 4.4.2
LiteSpeed Cache 4.4.3
LiteSpeed Cache 4.4.4
LiteSpeed Cache 4.4.5
LiteSpeed Cache 4.4.6
LiteSpeed Cache 4.4.7
LiteSpeed Cache 4.5
LiteSpeed Cache 4.5.0.1
LiteSpeed Cache 4.6
LiteSpeed Cache 5.0
LiteSpeed Cache 5.0.0.1
LiteSpeed Cache 5.0.1
LiteSpeed Cache 5.1
LiteSpeed Cache 5.2
LiteSpeed Cache 5.2.1
LiteSpeed Cache 5.3
LiteSpeed Cache 5.3.1
LiteSpeed Cache 5.3.2
LiteSpeed Cache 5.3.3
LiteSpeed Cache 5.4
LiteSpeed Cache 5.5
LiteSpeed Cache 5.5.1
LiteSpeed Cache 5.6
LiteSpeed Cache 5.7
LiteSpeed Cache 5.7.0.1
LiteSpeed Cache 6.0
LiteSpeed Cache 6.0.0.1
LiteSpeed Cache 6.1
LiteSpeed Cache 6.2
LiteSpeed Cache 6.2.0.1
LiteSpeed Cache 6.3
LiteSpeed Cache 6.3.0.1
LiteSpeed Cache 6.4
LiteSpeed Cache 6.4.1
LiteSpeed Cache 6.5
LiteSpeed Cache 6.5.0.1
LiteSpeed Cache 6.5.0.2

SQL injection in the common app

Skrevet den 21. januar 202518. oktober 2025 af i All in One SEO Pack

SQL injection in the common app

This vulnerability affects the following application versions:

All in One SEO Pack 4.2.3.1
All in One SEO Pack 4.2.4
All in One SEO Pack 4.2.5.1
All in One SEO Pack 4.2.6
All in One SEO Pack 4.2.6.1
All in One SEO Pack 4.2.7.1
All in One SEO Pack 4.2.8
All in One SEO Pack 4.2.9
All in One SEO Pack 4.3.0
All in One SEO Pack 4.3.1
All in One SEO Pack 4.3.1.1
All in One SEO Pack 4.3.2
All in One SEO Pack 4.3.3
All in One SEO Pack 4.3.4.1
All in One SEO Pack 4.3.5
All in One SEO Pack 4.3.6.1
All in One SEO Pack 4.3.7
All in One SEO Pack 4.3.8
All in One SEO Pack 4.3.9
All in One SEO Pack 4.4.0.1
All in One SEO Pack 4.4.1
All in One SEO Pack 4.4.2
All in One SEO Pack 4.4.3
All in One SEO Pack 4.4.4
All in One SEO Pack 4.4.5.1
All in One SEO Pack 4.4.6
All in One SEO Pack 4.4.7
All in One SEO Pack 4.4.7.1
All in One SEO Pack 4.4.8
All in One SEO Pack 4.4.9.1
All in One SEO Pack 4.4.9.2
All in One SEO Pack 4.5.0
All in One SEO Pack 4.5.1.1
All in One SEO Pack 4.5.2.1
All in One SEO Pack 4.5.3.1
All in One SEO Pack 4.5.4
All in One SEO Pack 4.5.5
All in One SEO Pack 4.5.6
All in One SEO Pack 4.5.7.1
All in One SEO Pack 4.5.7.2
All in One SEO Pack 4.5.7.3
All in One SEO Pack 4.5.8
All in One SEO Pack 4.5.9.1
All in One SEO Pack 4.5.9.2
All in One SEO Pack 4.6.0
All in One SEO Pack 4.6.1.1
All in One SEO Pack 4.6.2
All in One SEO Pack 4.6.3
All in One SEO Pack 4.6.4
All in One SEO Pack 4.6.5
All in One SEO Pack 4.6.6
All in One SEO Pack 4.6.7.1
All in One SEO Pack 4.6.8.1
All in One SEO Pack 4.6.9
All in One SEO Pack 4.6.9.1
All in One SEO Pack 4.7.0

Unrestricted Upload of File with Dangerous Type

Skrevet den 21. januar 202518. oktober 2025 af i Magento

Arbitrary code execution is possible if an uploaded file is interpreted and executed as code by the recipient. This is especially true for web-server extensions such as .asp and .php because these file types are often treated as automatically executable, even when file system permissions do not specify execution. For example, in Unix environments, programs typically cannot run unless the execute bit is set, but PHP programs may be executed by the web server without directly invoking them on the operating system.

This vulnerability affects the following application versions:

Magento 2.4.3
Magento 2.4.3-p1
Magento 2.4.3-p2
Magento 2.4.3-p3
Magento 2.4.4
Magento 2.4.4-p1
Magento 2.4.4-p2
Magento 2.4.4-p3
Magento 2.4.4-p4
Magento 2.4.4-p5
Magento 2.4.4-p6
Magento 2.4.4-p7
Magento 2.4.4-p8
Magento 2.4.4-p9
Magento 2.4.5
Magento 2.4.5-p1
Magento 2.4.5-p2
Magento 2.4.5-p3
Magento 2.4.5-p4
Magento 2.4.5-p5
Magento 2.4.5-p6
Magento 2.4.5-p7
Magento 2.4.5-p8
Magento 2.4.6
Magento 2.4.6-p1
Magento 2.4.6-p2
Magento 2.4.6-p3
Magento 2.4.6-p4
Magento 2.4.6-p5
Magento 2.4.6-p6
Magento 2.4.7
Magento 2.4.7-beta1
Magento 2.4.7-beta2
Magento 2.4.7-beta3
Magento 2.4.7-p1

SQL Injection in legacy field output

Skrevet den 21. januar 202518. oktober 2025 af i Advanced Custom Fields (ACF)

Deprecated a legacy private internal field type (output) to prevent it being able to output unsafe HTML

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 5.6.2
Advanced Custom Fields (ACF) 5.6.3
Advanced Custom Fields (ACF) 5.6.4
Advanced Custom Fields (ACF) 5.6.5
Advanced Custom Fields (ACF) 5.6.6
Advanced Custom Fields (ACF) 5.6.7
Advanced Custom Fields (ACF) 5.6.8
Advanced Custom Fields (ACF) 5.6.9
Advanced Custom Fields (ACF) 5.6.10
Advanced Custom Fields (ACF) 5.7.0
Advanced Custom Fields (ACF) 5.7.1
Advanced Custom Fields (ACF) 5.7.2
Advanced Custom Fields (ACF) 5.7.3
Advanced Custom Fields (ACF) 5.7.4
Advanced Custom Fields (ACF) 5.7.5
Advanced Custom Fields (ACF) 5.7.6
Advanced Custom Fields (ACF) 5.7.7
Advanced Custom Fields (ACF) 5.7.8
Advanced Custom Fields (ACF) 5.7.9
Advanced Custom Fields (ACF) 5.7.10
Advanced Custom Fields (ACF) 5.7.12
Advanced Custom Fields (ACF) 5.7.13
Advanced Custom Fields (ACF) 5.8.0
Advanced Custom Fields (ACF) 5.8.1
Advanced Custom Fields (ACF) 5.8.2
Advanced Custom Fields (ACF) 5.8.3
Advanced Custom Fields (ACF) 5.8.4
Advanced Custom Fields (ACF) 5.8.5
Advanced Custom Fields (ACF) 5.8.6
Advanced Custom Fields (ACF) 5.8.7
Advanced Custom Fields (ACF) 5.8.8
Advanced Custom Fields (ACF) 5.8.9
Advanced Custom Fields (ACF) 5.8.10
Advanced Custom Fields (ACF) 5.8.11
Advanced Custom Fields (ACF) 5.8.12
Advanced Custom Fields (ACF) 5.8.13
Advanced Custom Fields (ACF) 5.8.14
Advanced Custom Fields (ACF) 5.9.0
Advanced Custom Fields (ACF) 5.9.1
Advanced Custom Fields (ACF) 5.9.2
Advanced Custom Fields (ACF) 5.9.3
Advanced Custom Fields (ACF) 5.9.4
Advanced Custom Fields (ACF) 5.9.5
Advanced Custom Fields (ACF) 5.9.6
Advanced Custom Fields (ACF) 5.9.7
Advanced Custom Fields (ACF) 5.9.8
Advanced Custom Fields (ACF) 5.9.9
Advanced Custom Fields (ACF) 5.10
Advanced Custom Fields (ACF) 5.10.1
Advanced Custom Fields (ACF) 5.10.2
Advanced Custom Fields (ACF) 5.11
Advanced Custom Fields (ACF) 5.11.1
Advanced Custom Fields (ACF) 5.11.2
Advanced Custom Fields (ACF) 5.11.3
Advanced Custom Fields (ACF) 5.11.4
Advanced Custom Fields (ACF) 5.12
Advanced Custom Fields (ACF) 5.12.1
Advanced Custom Fields (ACF) 5.12.2
Advanced Custom Fields (ACF) 5.12.3
Advanced Custom Fields (ACF) 5.12.4
Advanced Custom Fields (ACF) 5.12.5
Advanced Custom Fields (ACF) 5.12.6
Advanced Custom Fields (ACF) 6.0.0
Advanced Custom Fields (ACF) 6.0.1
Advanced Custom Fields (ACF) 6.0.2
Advanced Custom Fields (ACF) 6.0.3
Advanced Custom Fields (ACF) 6.0.4
Advanced Custom Fields (ACF) 6.0.5
Advanced Custom Fields (ACF) 6.0.6
Advanced Custom Fields (ACF) 6.0.7
Advanced Custom Fields (ACF) 6.1.0
Advanced Custom Fields (ACF) 6.1.1
Advanced Custom Fields (ACF) 6.1.2
Advanced Custom Fields (ACF) 6.1.3
Advanced Custom Fields (ACF) 6.1.4
Advanced Custom Fields (ACF) 6.1.5
Advanced Custom Fields (ACF) 6.1.6
Advanced Custom Fields (ACF) 6.1.7
Advanced Custom Fields (ACF) 6.1.8
Advanced Custom Fields (ACF) 6.2.0
Advanced Custom Fields (ACF) 6.2.1
Advanced Custom Fields (ACF) 6.2.2
Advanced Custom Fields (ACF) 6.2.3
Advanced Custom Fields (ACF) 6.2.4
Advanced Custom Fields (ACF) 6.2.5
Advanced Custom Fields (ACF) 6.2.6
Advanced Custom Fields (ACF) 6.2.6.1
Advanced Custom Fields (ACF) 6.2.7
Advanced Custom Fields (ACF) 6.2.8
Advanced Custom Fields (ACF) 6.2.9
Advanced Custom Fields (ACF) 6.3.0
Advanced Custom Fields (ACF) 6.3.1

Incorrect permissions check in different sections.

Skrevet den 21. januar 202518. oktober 2025 af i Elementor Website Builder

A few section in Elementor, fall short on checking correct permission when doing actions.

This vulnerability affects the following application versions:

Elementor Website Builder 3.9.0
Elementor Website Builder 3.9.0-beta1
Elementor Website Builder 3.9.0-beta2
Elementor Website Builder 3.9.0-beta3
Elementor Website Builder 3.9.0-dev4
Elementor Website Builder 3.9.1
Elementor Website Builder 3.9.2
Elementor Website Builder 3.10.0
Elementor Website Builder 3.10.0-beta1
Elementor Website Builder 3.10.0-beta2
Elementor Website Builder 3.10.0-beta3
Elementor Website Builder 3.10.0-dev1
Elementor Website Builder 3.10.1
Elementor Website Builder 3.10.2
Elementor Website Builder 3.11.0
Elementor Website Builder 3.11.0-beta1
Elementor Website Builder 3.11.0-beta2
Elementor Website Builder 3.11.0-beta3
Elementor Website Builder 3.11.0-dev1
Elementor Website Builder 3.11.0-dev2
Elementor Website Builder 3.11.0-dev3
Elementor Website Builder 3.11.1
Elementor Website Builder 3.11.2
Elementor Website Builder 3.11.3
Elementor Website Builder 3.11.4
Elementor Website Builder 3.11.5
Elementor Website Builder 3.12.0
Elementor Website Builder 3.12.0-beta1
Elementor Website Builder 3.12.0-beta2
Elementor Website Builder 3.12.0-beta3
Elementor Website Builder 3.12.0-dev1
Elementor Website Builder 3.12.0-dev2
Elementor Website Builder 3.12.0-dev3
Elementor Website Builder 3.12.0-dev4
Elementor Website Builder 3.12.1
Elementor Website Builder 3.12.2
Elementor Website Builder 3.13.0
Elementor Website Builder 3.13.0-beta1
Elementor Website Builder 3.13.0-beta2
Elementor Website Builder 3.13.0-beta3
Elementor Website Builder 3.13.0-beta4
Elementor Website Builder 3.13.0-dev1
Elementor Website Builder 3.13.0-dev2
Elementor Website Builder 3.13.0-dev3
Elementor Website Builder 3.13.0-dev4
Elementor Website Builder 3.13.1
Elementor Website Builder 3.13.2
Elementor Website Builder 3.13.3
Elementor Website Builder 3.13.4
Elementor Website Builder 3.14.0
Elementor Website Builder 3.14.0-beta1
Elementor Website Builder 3.14.0-beta2
Elementor Website Builder 3.14.0-beta3
Elementor Website Builder 3.14.0-beta4
Elementor Website Builder 3.14.0-beta5
Elementor Website Builder 3.14.0-dev1
Elementor Website Builder 3.14.0-dev2
Elementor Website Builder 3.14.0-dev3
Elementor Website Builder 3.14.0-dev4
Elementor Website Builder 3.14.0-dev5
Elementor Website Builder 3.14.1
Elementor Website Builder 3.15.0
Elementor Website Builder 3.15.0-beta1
Elementor Website Builder 3.15.0-beta2
Elementor Website Builder 3.15.0-beta3
Elementor Website Builder 3.15.0-beta4
Elementor Website Builder 3.15.0-beta5
Elementor Website Builder 3.15.0-beta6
Elementor Website Builder 3.15.0-dev1
Elementor Website Builder 3.15.0-dev2
Elementor Website Builder 3.15.0-dev3
Elementor Website Builder 3.15.0-dev4
Elementor Website Builder 3.15.0-dev5
Elementor Website Builder 3.15.0-dev6
Elementor Website Builder 3.15.1
Elementor Website Builder 3.15.2
Elementor Website Builder 3.15.3
Elementor Website Builder 3.16.0
Elementor Website Builder 3.16.0-beta1
Elementor Website Builder 3.16.0-beta2
Elementor Website Builder 3.16.0-beta3
Elementor Website Builder 3.16.0-beta4
Elementor Website Builder 3.16.0-dev1
Elementor Website Builder 3.16.0-dev2
Elementor Website Builder 3.16.0-dev3
Elementor Website Builder 3.16.0-dev4
Elementor Website Builder 3.16.1
Elementor Website Builder 3.16.2
Elementor Website Builder 3.16.3
Elementor Website Builder 3.16.4
Elementor Website Builder 3.16.5
Elementor Website Builder 3.16.6
Elementor Website Builder 3.17.0
Elementor Website Builder 3.17.0-beta1
Elementor Website Builder 3.17.0-beta2
Elementor Website Builder 3.17.0-beta3
Elementor Website Builder 3.17.0-beta4
Elementor Website Builder 3.17.0-dev1
Elementor Website Builder 3.17.0-dev2
Elementor Website Builder 3.17.0-dev3
Elementor Website Builder 3.17.0-dev4
Elementor Website Builder 3.17.1
Elementor Website Builder 3.17.2
Elementor Website Builder 3.17.3
Elementor Website Builder 3.18.0
Elementor Website Builder 3.18.0-beta1
Elementor Website Builder 3.18.0-beta2
Elementor Website Builder 3.18.0-beta3
Elementor Website Builder 3.18.0-beta4
Elementor Website Builder 3.18.0-dev1
Elementor Website Builder 3.18.0-dev2
Elementor Website Builder 3.18.0-dev3
Elementor Website Builder 3.18.0-dev4
Elementor Website Builder 3.18.1
Elementor Website Builder 3.18.2
Elementor Website Builder 3.18.3
Elementor Website Builder 3.19.0
Elementor Website Builder 3.19.0-beta1
Elementor Website Builder 3.19.0-beta2
Elementor Website Builder 3.19.0-beta3
Elementor Website Builder 3.19.0-beta4
Elementor Website Builder 3.19.0-beta5
Elementor Website Builder 3.19.0-beta6
Elementor Website Builder 3.19.0-dev1
Elementor Website Builder 3.19.0-dev2
Elementor Website Builder 3.19.0-dev3
Elementor Website Builder 3.19.0-dev4
Elementor Website Builder 3.19.0-dev5
Elementor Website Builder 3.19.0-dev6
Elementor Website Builder 3.19.1
Elementor Website Builder 3.19.2
Elementor Website Builder 3.19.3
Elementor Website Builder 3.19.4
Elementor Website Builder 3.20.0
Elementor Website Builder 3.20.0-beta1
Elementor Website Builder 3.20.0-beta2
Elementor Website Builder 3.20.0-beta3
Elementor Website Builder 3.20.0-beta4
Elementor Website Builder 3.20.0-dev1
Elementor Website Builder 3.20.0-dev2
Elementor Website Builder 3.20.0-dev3
Elementor Website Builder 3.20.0-dev4
Elementor Website Builder 3.20.1
Elementor Website Builder 3.20.2
Elementor Website Builder 3.20.3
Elementor Website Builder 3.20.4
Elementor Website Builder 3.21.0
Elementor Website Builder 3.21.0-beta1
Elementor Website Builder 3.21.0-beta2
Elementor Website Builder 3.21.0-beta3
Elementor Website Builder 3.21.0-dev1
Elementor Website Builder 3.21.0-dev2
Elementor Website Builder 3.21.0-dev3
Elementor Website Builder 3.21.1
Elementor Website Builder 3.21.2
Elementor Website Builder 3.21.3
Elementor Website Builder 3.21.4
Elementor Website Builder 3.21.5
Elementor Website Builder 3.21.6
Elementor Website Builder 3.21.7
Elementor Website Builder 3.21.8
Elementor Website Builder 3.22.0
Elementor Website Builder 3.22.0-beta1
Elementor Website Builder 3.22.0-beta2
Elementor Website Builder 3.22.0-beta3
Elementor Website Builder 3.22.0-beta4
Elementor Website Builder 3.22.0-beta5
Elementor Website Builder 3.22.0-beta6
Elementor Website Builder 3.22.0-dev1
Elementor Website Builder 3.22.0-dev2
Elementor Website Builder 3.22.0-dev3
Elementor Website Builder 3.22.0-dev4
Elementor Website Builder 3.22.0-dev5
Elementor Website Builder 3.22.0-dev6
Elementor Website Builder 3.22.1
Elementor Website Builder 3.22.2
Elementor Website Builder 3.22.3
Elementor Website Builder 3.23.0
Elementor Website Builder 3.23.0-beta1
Elementor Website Builder 3.23.0-beta2
Elementor Website Builder 3.23.0-beta3
Elementor Website Builder 3.23.0-beta4
Elementor Website Builder 3.23.0-beta5
Elementor Website Builder 3.23.0-beta6
Elementor Website Builder 3.23.0-dev1
Elementor Website Builder 3.23.0-dev2
Elementor Website Builder 3.23.0-dev3
Elementor Website Builder 3.23.0-dev4
Elementor Website Builder 3.23.0-dev5
Elementor Website Builder 3.23.0-dev6
Elementor Website Builder 3.23.1
Elementor Website Builder 3.23.2
Elementor Website Builder 3.23.3
Elementor Website Builder 3.23.4
Elementor Website Builder 3.24.0
Elementor Website Builder 3.24.0-beta1
Elementor Website Builder 3.24.0-beta2
Elementor Website Builder 3.24.0-beta3
Elementor Website Builder 3.24.0-dev1
Elementor Website Builder 3.24.0-dev2
Elementor Website Builder 3.24.0-dev3
Elementor Website Builder 3.24.1
Elementor Website Builder 3.24.2
Elementor Website Builder 3.24.3
Elementor Website Builder 3.24.4
Elementor Website Builder 3.24.5

XSS vectors in module chromes

Skrevet den 10. januar 202518. oktober 2025 af i Joomla

Module title is vulnerable to cross site scripting attacks which might be executed in the browser.

This vulnerability affects the following application versions:

Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2

[20250103] Read ACL violation in multiple core views

Skrevet den 10. januar 2025 af i Joomla

Improper Access Controls allows access to protected views.

CVE Number: CVE-2024-40749

This vulnerability affects the following application versions:

Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5
Joomla 3.9.6
Joomla 3.9.7
Joomla 3.9.8
Joomla 3.9.9
Joomla 3.9.10
Joomla 3.9.11
Joomla 3.9.12
Joomla 3.9.13
Joomla 3.9.14
Joomla 3.9.15
Joomla 3.9.16
Joomla 3.9.17
Joomla 3.9.18
Joomla 3.9.19
Joomla 3.9.20
Joomla 3.9.21
Joomla 3.9.22
Joomla 3.9.23
Joomla 3.9.24
Joomla 3.9.25
Joomla 3.9.26
Joomla 3.9.27
Joomla 3.9.28
Joomla 3.10.0
Joomla 3.10.1
Joomla 3.10.2
Joomla 3.10.3
Joomla 3.10.4
Joomla 3.10.5
Joomla 3.10.6
Joomla 3.10.7
Joomla 3.10.8
Joomla 3.10.9
Joomla 3.10.10
Joomla 3.10.11
Joomla 3.10.12
Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2

XSS vector in the id attribute of menu lists

Skrevet den 10. januar 202518. oktober 2025 af i Joomla

Lack of output escaping in the id attribute of menu lists.

CVE Number: CVE-2024-40748

This vulnerability affects the following application versions:

Joomla 2.5.0
Joomla 2.5.1
Joomla 2.5.2
Joomla 2.5.3
Joomla 2.5.4
Joomla 2.5.5
Joomla 2.5.6
Joomla 2.5.7
Joomla 2.5.8
Joomla 2.5.9
Joomla 2.5.10
Joomla 2.5.11
Joomla 2.5.13
Joomla 2.5.14
Joomla 2.5.15
Joomla 2.5.16
Joomla 2.5.17
Joomla 2.5.18
Joomla 2.5.19
Joomla 2.5.20
Joomla 2.5.21
Joomla 2.5.22
Joomla 2.5.23
Joomla 2.5.24
Joomla 2.5.25
Joomla 2.5.26
Joomla 2.5.27
Joomla 2.5.28
Joomla 2.5.28.rc
Joomla 3.0.0
Joomla 3.0.1
Joomla 3.0.2
Joomla 3.0.3
Joomla 3.0.4
Joomla 3.1.0
Joomla 3.1.1
Joomla 3.1.4
Joomla 3.1.5
Joomla 3.1.6
Joomla 3.2.0
Joomla 3.2.1
Joomla 3.2.2
Joomla 3.2.3
Joomla 3.2.4
Joomla 3.2.5
Joomla 3.2.6
Joomla 3.2.7
Joomla 3.3.0
Joomla 3.3.1
Joomla 3.3.2
Joomla 3.3.3
Joomla 3.3.4
Joomla 3.3.5
Joomla 3.3.6
Joomla 3.4.0
Joomla 3.4.0-rc
Joomla 3.4.1
Joomla 3.4.1-rc
Joomla 3.4.1-rc2
Joomla 3.4.2
Joomla 3.4.2-rc
Joomla 3.4.3
Joomla 3.4.4
Joomla 3.4.4-rc
Joomla 3.4.4-rc2
Joomla 3.4.5
Joomla 3.4.6
Joomla 3.4.7
Joomla 3.4.8
Joomla 3.4.8-rc
Joomla 3.5.0
Joomla 3.5.0-rc
Joomla 3.5.0-rc2
Joomla 3.5.0-rc3
Joomla 3.5.0-rc4
Joomla 3.5.1
Joomla 3.5.1-rc
Joomla 3.5.1-rc2
Joomla 3.6.0
Joomla 3.6.0-rc
Joomla 3.6.0-rc2
Joomla 3.6.1
Joomla 3.6.1-rc1
Joomla 3.6.1-rc2
Joomla 3.6.2
Joomla 3.6.3
Joomla 3.6.3-rc1
Joomla 3.6.3-rc2
Joomla 3.6.3-rc3
Joomla 3.6.4
Joomla 3.6.5
Joomla 3.7.0
Joomla 3.7.0-rc1
Joomla 3.7.0-rc2
Joomla 3.7.0-rc3
Joomla 3.7.0-rc4
Joomla 3.7.1
Joomla 3.7.1-rc1
Joomla 3.7.1-rc2
Joomla 3.7.2
Joomla 3.7.3
Joomla 3.7.3-rc1
Joomla 3.7.3-rc2
Joomla 3.7.4
Joomla 3.7.4-rc1
Joomla 3.7.5
Joomla 3.8.0
Joomla 3.8.0-rc1
Joomla 3.8.1
Joomla 3.8.1-rc
Joomla 3.8.2
Joomla 3.8.2-rc
Joomla 3.8.3
Joomla 3.8.3-rc
Joomla 3.8.4
Joomla 3.8.4-rc
Joomla 3.8.4-rc2
Joomla 3.8.5
Joomla 3.8.5-rc
Joomla 3.8.6
Joomla 3.8.6-rc1
Joomla 3.8.7
Joomla 3.8.7-rc
Joomla 3.8.8
Joomla 3.8.8-rc
Joomla 3.8.9
Joomla 3.8.9-rc
Joomla 3.8.10
Joomla 3.8.11
Joomla 3.8.12
Joomla 3.8.13
Joomla 3.9.0
Joomla 3.9.1
Joomla 3.9.2
Joomla 3.9.3
Joomla 3.9.4
Joomla 3.9.5
Joomla 3.9.6
Joomla 3.9.7
Joomla 3.9.8
Joomla 3.9.9
Joomla 3.9.10
Joomla 3.9.11
Joomla 3.9.12
Joomla 3.9.13
Joomla 3.9.14
Joomla 3.9.15
Joomla 3.9.16
Joomla 3.9.17
Joomla 3.9.18
Joomla 3.9.19
Joomla 3.9.20
Joomla 3.9.21
Joomla 3.9.22
Joomla 3.9.23
Joomla 3.9.24
Joomla 3.9.25
Joomla 3.9.26
Joomla 3.9.27
Joomla 3.9.28
Joomla 3.10.0
Joomla 3.10.1
Joomla 3.10.2
Joomla 3.10.3
Joomla 3.10.4
Joomla 3.10.5
Joomla 3.10.6
Joomla 3.10.7
Joomla 3.10.8
Joomla 3.10.9
Joomla 3.10.10
Joomla 3.10.11
Joomla 3.10.12
Joomla 4.0.0
Joomla 4.0.1
Joomla 4.0.2
Joomla 4.0.3
Joomla 4.0.4
Joomla 4.0.5
Joomla 4.0.6
Joomla 4.1.0
Joomla 4.1.1
Joomla 4.1.2
Joomla 4.1.3
Joomla 4.1.4
Joomla 4.1.5
Joomla 4.2.0
Joomla 4.2.1
Joomla 4.2.2
Joomla 4.2.3
Joomla 4.2.4
Joomla 4.2.5
Joomla 4.2.6
Joomla 4.2.7
Joomla 4.2.8
Joomla 4.2.9
Joomla 4.3.0
Joomla 4.3.1
Joomla 4.3.2
Joomla 4.3.3
Joomla 4.3.4
Joomla 4.4.0
Joomla 4.4.1
Joomla 4.4.2
Joomla 4.4.3
Joomla 4.4.4
Joomla 4.4.5
Joomla 4.4.6
Joomla 4.4.7
Joomla 4.4.8
Joomla 4.4.9
Joomla 5.0.0
Joomla 5.0.1
Joomla 5.0.2
Joomla 5.0.3
Joomla 5.1.0
Joomla 5.1.1
Joomla 5.1.2
Joomla 5.1.3
Joomla 5.1.4
Joomla 5.2.0
Joomla 5.2.1
Joomla 5.2.2

Cross-site scripting available on link suggestions.

Skrevet den 7. januar 2025 af i Rank Math SEO

When creating / editing a post xss is available by using other posts as pillar contents in link suggestions.

This vulnerability affects the following application versions:

Rank Math SEO 1.0.215
Rank Math SEO 1.0.215.1
Rank Math SEO 1.0.216
Rank Math SEO 1.0.217
Rank Math SEO 1.0.218

XSS in admin settings

Skrevet den 7. januar 202518. oktober 2025 af i All in One SEO Pack

XSS in admin settings

This vulnerability affects the following application versions:

All in One SEO Pack 4.0.6
All in One SEO Pack 4.0.7
All in One SEO Pack 4.0.8
All in One SEO Pack 4.0.9
All in One SEO Pack 4.0.10
All in One SEO Pack 4.0.12
All in One SEO Pack 4.0.15
All in One SEO Pack 4.0.16
All in One SEO Pack 4.0.17
All in One SEO Pack 4.0.18
All in One SEO Pack 4.1.0.1
All in One SEO Pack 4.1.0.2
All in One SEO Pack 4.1.0.3
All in One SEO Pack 4.1.1
All in One SEO Pack 4.1.1.1
All in One SEO Pack 4.1.1.2
All in One SEO Pack 4.1.2.1
All in One SEO Pack 4.1.2.2
All in One SEO Pack 4.1.2.3
All in One SEO Pack 4.1.3.1
All in One SEO Pack 4.1.3.3
All in One SEO Pack 4.1.3.4
All in One SEO Pack 4.1.4.1
All in One SEO Pack 4.1.4.2
All in One SEO Pack 4.1.4.3
All in One SEO Pack 4.1.4.4
All in One SEO Pack 4.1.4.5
All in One SEO Pack 4.1.5.1
All in One SEO Pack 4.1.5.2
All in One SEO Pack 4.1.5.3
All in One SEO Pack 4.1.6.2
All in One SEO Pack 4.1.7
All in One SEO Pack 4.1.8
All in One SEO Pack 4.1.9.1
All in One SEO Pack 4.1.9.3
All in One SEO Pack 4.1.9.4
All in One SEO Pack 4.1.10
All in One SEO Pack 4.2.0
All in One SEO Pack 4.2.1.1
All in One SEO Pack 4.2.2
All in One SEO Pack 4.2.3.1
All in One SEO Pack 4.2.4
All in One SEO Pack 4.2.5.1
All in One SEO Pack 4.2.6
All in One SEO Pack 4.2.6.1
All in One SEO Pack 4.2.7.1
All in One SEO Pack 4.2.8
All in One SEO Pack 4.2.9
All in One SEO Pack 4.3.0
All in One SEO Pack 4.3.1
All in One SEO Pack 4.3.1.1
All in One SEO Pack 4.3.2
All in One SEO Pack 4.3.3
All in One SEO Pack 4.3.4.1
All in One SEO Pack 4.3.5
All in One SEO Pack 4.3.6.1
All in One SEO Pack 4.3.7
All in One SEO Pack 4.3.8
All in One SEO Pack 4.3.9
All in One SEO Pack 4.4.0.1
All in One SEO Pack 4.4.1
All in One SEO Pack 4.4.2
All in One SEO Pack 4.4.3
All in One SEO Pack 4.4.4
All in One SEO Pack 4.4.5.1
All in One SEO Pack 4.4.6
All in One SEO Pack 4.4.7
All in One SEO Pack 4.4.7.1
All in One SEO Pack 4.4.8
All in One SEO Pack 4.4.9.1
All in One SEO Pack 4.4.9.2
All in One SEO Pack 4.5.0
All in One SEO Pack 4.5.1.1
All in One SEO Pack 4.5.2.1
All in One SEO Pack 4.5.3.1
All in One SEO Pack 4.5.4
All in One SEO Pack 4.5.5
All in One SEO Pack 4.5.6
All in One SEO Pack 4.5.7.1
All in One SEO Pack 4.5.7.2
All in One SEO Pack 4.5.7.3
All in One SEO Pack 4.5.8
All in One SEO Pack 4.5.9.1
All in One SEO Pack 4.5.9.2
All in One SEO Pack 4.6.0
All in One SEO Pack 4.6.1.1
All in One SEO Pack 4.6.2
All in One SEO Pack 4.6.3
All in One SEO Pack 4.6.4
All in One SEO Pack 4.6.5
All in One SEO Pack 4.6.6
All in One SEO Pack 4.6.7.1
All in One SEO Pack 4.6.8.1
All in One SEO Pack 4.6.9
All in One SEO Pack 4.6.9.1
All in One SEO Pack 4.7.0

XSS in admin settings

Skrevet den 7. januar 202518. oktober 2025 af i Mailchimp for WordPress

This patch fixes XSS in admin settings at integrations and forms pages.

This vulnerability affects the following application versions:

Mailchimp for WordPress 3.0.2
Mailchimp for WordPress 3.0.3
Mailchimp for WordPress 3.0.4
Mailchimp for WordPress 3.0.5
Mailchimp for WordPress 3.0.6
Mailchimp for WordPress 3.0.7
Mailchimp for WordPress 3.0.8
Mailchimp for WordPress 3.0.9
Mailchimp for WordPress 3.0.10
Mailchimp for WordPress 3.0.11
Mailchimp for WordPress 3.0.12
Mailchimp for WordPress 3.1
Mailchimp for WordPress 3.1.1
Mailchimp for WordPress 3.1.2
Mailchimp for WordPress 3.1.3
Mailchimp for WordPress 3.1.4
Mailchimp for WordPress 3.1.5
Mailchimp for WordPress 3.1.6
Mailchimp for WordPress 3.1.7
Mailchimp for WordPress 3.1.8
Mailchimp for WordPress 3.1.9
Mailchimp for WordPress 3.1.10
Mailchimp for WordPress 3.1.11
Mailchimp for WordPress 3.1.12
Mailchimp for WordPress 4.0
Mailchimp for WordPress 4.0.1
Mailchimp for WordPress 4.0.2
Mailchimp for WordPress 4.0.3
Mailchimp for WordPress 4.0.4
Mailchimp for WordPress 4.0.5
Mailchimp for WordPress 4.0.6
Mailchimp for WordPress 4.0.7
Mailchimp for WordPress 4.0.8
Mailchimp for WordPress 4.0.9
Mailchimp for WordPress 4.0.10
Mailchimp for WordPress 4.0.11
Mailchimp for WordPress 4.0.12
Mailchimp for WordPress 4.0.13
Mailchimp for WordPress 4.1.0
Mailchimp for WordPress 4.1.1
Mailchimp for WordPress 4.1.2
Mailchimp for WordPress 4.1.3
Mailchimp for WordPress 4.1.4
Mailchimp for WordPress 4.1.5
Mailchimp for WordPress 4.1.6
Mailchimp for WordPress 4.1.7
Mailchimp for WordPress 4.1.8
Mailchimp for WordPress 4.1.9
Mailchimp for WordPress 4.1.10
Mailchimp for WordPress 4.1.11
Mailchimp for WordPress 4.1.12
Mailchimp for WordPress 4.1.14
Mailchimp for WordPress 4.1.15
Mailchimp for WordPress 4.2
Mailchimp for WordPress 4.2.1
Mailchimp for WordPress 4.2.2
Mailchimp for WordPress 4.2.3
Mailchimp for WordPress 4.2.4
Mailchimp for WordPress 4.2.5
Mailchimp for WordPress 4.3
Mailchimp for WordPress 4.3.1
Mailchimp for WordPress 4.3.2
Mailchimp for WordPress 4.3.3
Mailchimp for WordPress 4.4
Mailchimp for WordPress 4.5.0
Mailchimp for WordPress 4.5.1
Mailchimp for WordPress 4.5.2
Mailchimp for WordPress 4.5.3
Mailchimp for WordPress 4.5.4
Mailchimp for WordPress 4.5.5
Mailchimp for WordPress 4.6.0
Mailchimp for WordPress 4.6.1
Mailchimp for WordPress 4.6.2
Mailchimp for WordPress 4.7
Mailchimp for WordPress 4.7.1
Mailchimp for WordPress 4.7.2
Mailchimp for WordPress 4.7.3
Mailchimp for WordPress 4.7.4
Mailchimp for WordPress 4.7.5
Mailchimp for WordPress 4.7.6
Mailchimp for WordPress 4.7.7
Mailchimp for WordPress 4.7.8
Mailchimp for WordPress 4.8
Mailchimp for WordPress 4.8.1
Mailchimp for WordPress 4.8.2
Mailchimp for WordPress 4.8.3
Mailchimp for WordPress 4.8.4
Mailchimp for WordPress 4.8.5
Mailchimp for WordPress 4.8.6
Mailchimp for WordPress 4.8.7
Mailchimp for WordPress 4.8.8
Mailchimp for WordPress 4.8.9
Mailchimp for WordPress 4.8.10
Mailchimp for WordPress 4.8.11
Mailchimp for WordPress 4.8.12
Mailchimp for WordPress 4.9.0
Mailchimp for WordPress 4.9.1
Mailchimp for WordPress 4.9.2
Mailchimp for WordPress 4.9.3
Mailchimp for WordPress 4.9.4
Mailchimp for WordPress 4.9.5
Mailchimp for WordPress 4.9.6
Mailchimp for WordPress 4.9.7
Mailchimp for WordPress 4.9.8
Mailchimp for WordPress 4.9.9
Mailchimp for WordPress 4.9.10
Mailchimp for WordPress 4.9.11
Mailchimp for WordPress 4.9.12
Mailchimp for WordPress 4.9.13
Mailchimp for WordPress 4.9.14
Mailchimp for WordPress 4.9.15
Mailchimp for WordPress 4.9.16

XSS in the Popup builder by looking forward

Skrevet den 7. januar 202518. oktober 2025 af i Popup Builder by Forward Looking

Due to insufficient input sanitization and output escaping on user supplied attributes, makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This vulnerability affects the following application versions:

Popup Builder by Forward Looking 3.0.2
Popup Builder by Forward Looking 3.0.3
Popup Builder by Forward Looking 3.0.4
Popup Builder by Forward Looking 3.0.5
Popup Builder by Forward Looking 3.0.6
Popup Builder by Forward Looking 3.0.7
Popup Builder by Forward Looking 3.0.8
Popup Builder by Forward Looking 3.0.9
Popup Builder by Forward Looking 3.0.9.1
Popup Builder by Forward Looking 3.1
Popup Builder by Forward Looking 3.1.1
Popup Builder by Forward Looking 3.1.2
Popup Builder by Forward Looking 3.1.3
Popup Builder by Forward Looking 3.1.4
Popup Builder by Forward Looking 3.1.4.1
Popup Builder by Forward Looking 3.1.5
Popup Builder by Forward Looking 3.1.5.1
Popup Builder by Forward Looking 3.1.5.2
Popup Builder by Forward Looking 3.1.6
Popup Builder by Forward Looking 3.1.6.1
Popup Builder by Forward Looking 3.1.7
Popup Builder by Forward Looking 3.1.7.1
Popup Builder by Forward Looking 3.1.8
Popup Builder by Forward Looking 3.1.9
Popup Builder by Forward Looking 3.2
Popup Builder by Forward Looking 3.3
Popup Builder by Forward Looking 3.4
Popup Builder by Forward Looking 3.7
Popup Builder by Forward Looking 3.7.1
Popup Builder by Forward Looking 3.41
Popup Builder by Forward Looking 3.42
Popup Builder by Forward Looking 3.43
Popup Builder by Forward Looking 3.44
Popup Builder by Forward Looking 3.45
Popup Builder by Forward Looking 3.46
Popup Builder by Forward Looking 3.47
Popup Builder by Forward Looking 3.48
Popup Builder by Forward Looking 3.49
Popup Builder by Forward Looking 3.50
Popup Builder by Forward Looking 3.51
Popup Builder by Forward Looking 3.52
Popup Builder by Forward Looking 3.53
Popup Builder by Forward Looking 3.54
Popup Builder by Forward Looking 3.55
Popup Builder by Forward Looking 3.56
Popup Builder by Forward Looking 3.57
Popup Builder by Forward Looking 3.58
Popup Builder by Forward Looking 3.59
Popup Builder by Forward Looking 3.60
Popup Builder by Forward Looking 3.61
Popup Builder by Forward Looking 3.61.1
Popup Builder by Forward Looking 3.62
Popup Builder by Forward Looking 3.62.1
Popup Builder by Forward Looking 3.63
Popup Builder by Forward Looking 3.64
Popup Builder by Forward Looking 3.64.1
Popup Builder by Forward Looking 3.65
Popup Builder by Forward Looking 3.65.1
Popup Builder by Forward Looking 3.65.2
Popup Builder by Forward Looking 3.66
Popup Builder by Forward Looking 3.67
Popup Builder by Forward Looking 3.68.1
Popup Builder by Forward Looking 3.68.2
Popup Builder by Forward Looking 3.68.3
Popup Builder by Forward Looking 3.68.4
Popup Builder by Forward Looking 3.68.5
Popup Builder by Forward Looking 3.68.5.1
Popup Builder by Forward Looking 3.68.5.2
Popup Builder by Forward Looking 3.69
Popup Builder by Forward Looking 3.69.1
Popup Builder by Forward Looking 3.69.2
Popup Builder by Forward Looking 3.69.3
Popup Builder by Forward Looking 3.69.4
Popup Builder by Forward Looking 3.69.5
Popup Builder by Forward Looking 3.69.6
Popup Builder by Forward Looking 3.71
Popup Builder by Forward Looking 3.72
Popup Builder by Forward Looking 3.73
Popup Builder by Forward Looking 3.74
Popup Builder by Forward Looking 3.75
Popup Builder by Forward Looking 3.76
Popup Builder by Forward Looking 3.77
Popup Builder by Forward Looking 3.78
Popup Builder by Forward Looking 3.79
Popup Builder by Forward Looking 3.81
Popup Builder by Forward Looking 3.82
Popup Builder by Forward Looking 3.83
Popup Builder by Forward Looking 3.84
Popup Builder by Forward Looking 4.0
Popup Builder by Forward Looking 4.0.1
Popup Builder by Forward Looking 4.0.2
Popup Builder by Forward Looking 4.0.3
Popup Builder by Forward Looking 4.0.4
Popup Builder by Forward Looking 4.0.5
Popup Builder by Forward Looking 4.0.6
Popup Builder by Forward Looking 4.0.7
Popup Builder by Forward Looking 4.0.8
Popup Builder by Forward Looking 4.0.9
Popup Builder by Forward Looking 4.1.0
Popup Builder by Forward Looking 4.1.1
Popup Builder by Forward Looking 4.1.2
Popup Builder by Forward Looking 4.1.3
Popup Builder by Forward Looking 4.1.4
Popup Builder by Forward Looking 4.1.5
Popup Builder by Forward Looking 4.1.6
Popup Builder by Forward Looking 4.1.7
Popup Builder by Forward Looking 4.1.8
Popup Builder by Forward Looking 4.1.9
Popup Builder by Forward Looking 4.1.10
Popup Builder by Forward Looking 4.1.11
Popup Builder by Forward Looking 4.1.12
Popup Builder by Forward Looking 4.1.13
Popup Builder by Forward Looking 4.1.14
Popup Builder by Forward Looking 4.1.15
Popup Builder by Forward Looking 4.2.0
Popup Builder by Forward Looking 4.2.2
Popup Builder by Forward Looking 4.2.3
Popup Builder by Forward Looking 4.2.4
Popup Builder by Forward Looking 4.2.5
Popup Builder by Forward Looking 4.2.6
Popup Builder by Forward Looking 4.2.7

Preventing subscribers from performing editor only actions

Skrevet den 10. december 202418. oktober 2025 af i Advanced Custom Fields (ACF)

Certain editor only actions’ permissions are not correctly verified against subscribers performing those actions.

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 5.8.1
Advanced Custom Fields (ACF) 5.8.2
Advanced Custom Fields (ACF) 5.8.3
Advanced Custom Fields (ACF) 5.8.4
Advanced Custom Fields (ACF) 5.8.5
Advanced Custom Fields (ACF) 5.8.6
Advanced Custom Fields (ACF) 5.8.7
Advanced Custom Fields (ACF) 5.8.8
Advanced Custom Fields (ACF) 5.8.9
Advanced Custom Fields (ACF) 5.8.10
Advanced Custom Fields (ACF) 5.8.11
Advanced Custom Fields (ACF) 5.8.12
Advanced Custom Fields (ACF) 5.8.13
Advanced Custom Fields (ACF) 5.8.14
Advanced Custom Fields (ACF) 5.9.0
Advanced Custom Fields (ACF) 5.9.1
Advanced Custom Fields (ACF) 5.9.2
Advanced Custom Fields (ACF) 5.9.3
Advanced Custom Fields (ACF) 5.9.4
Advanced Custom Fields (ACF) 5.9.5
Advanced Custom Fields (ACF) 5.9.6
Advanced Custom Fields (ACF) 5.9.7
Advanced Custom Fields (ACF) 5.9.8
Advanced Custom Fields (ACF) 5.9.9
Advanced Custom Fields (ACF) 5.10
Advanced Custom Fields (ACF) 5.10.1
Advanced Custom Fields (ACF) 5.10.2
Advanced Custom Fields (ACF) 5.11
Advanced Custom Fields (ACF) 5.11.1
Advanced Custom Fields (ACF) 5.11.2
Advanced Custom Fields (ACF) 5.11.3
Advanced Custom Fields (ACF) 5.11.4
Advanced Custom Fields (ACF) 5.12
Advanced Custom Fields (ACF) 5.12.1
Advanced Custom Fields (ACF) 5.12.2
Advanced Custom Fields (ACF) 5.12.3
Advanced Custom Fields (ACF) 5.12.4
Advanced Custom Fields (ACF) 5.12.5
Advanced Custom Fields (ACF) 5.12.6
Advanced Custom Fields (ACF) 6.0.0
Advanced Custom Fields (ACF) 6.0.1
Advanced Custom Fields (ACF) 6.0.2
Advanced Custom Fields (ACF) 6.0.3
Advanced Custom Fields (ACF) 6.0.4
Advanced Custom Fields (ACF) 6.0.5
Advanced Custom Fields (ACF) 6.0.6
Advanced Custom Fields (ACF) 6.0.7
Advanced Custom Fields (ACF) 6.1.0
Advanced Custom Fields (ACF) 6.1.1
Advanced Custom Fields (ACF) 6.1.2
Advanced Custom Fields (ACF) 6.1.3
Advanced Custom Fields (ACF) 6.1.4
Advanced Custom Fields (ACF) 6.1.5
Advanced Custom Fields (ACF) 6.1.6
Advanced Custom Fields (ACF) 6.1.7
Advanced Custom Fields (ACF) 6.1.8
Advanced Custom Fields (ACF) 6.2.0
Advanced Custom Fields (ACF) 6.2.1
Advanced Custom Fields (ACF) 6.2.2
Advanced Custom Fields (ACF) 6.2.3
Advanced Custom Fields (ACF) 6.2.4
Advanced Custom Fields (ACF) 6.2.5
Advanced Custom Fields (ACF) 6.2.6
Advanced Custom Fields (ACF) 6.2.6.1
Advanced Custom Fields (ACF) 6.2.7
Advanced Custom Fields (ACF) 6.2.8
Advanced Custom Fields (ACF) 6.2.9
Advanced Custom Fields (ACF) 6.3.0
Advanced Custom Fields (ACF) 6.3.1

Authenticated (Admin+) Limited Arbitrary Function Call

Skrevet den 10. december 202411. juni 2025 af i Advanced Custom Fields (ACF)

Post Type and Taxonomy metabox callbacks no longer have access to any superglobal values such as $_POST, $_REQUEST.

Due to insufficient input validation via the ‘register_meta_box_cb’ and ‘meta_box_cb’ parameters parameters, makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary functions, like WordPress functions, in custom post types that will execute whenever a user accesses the injected post type. This can be leveraged to trick other users like administrators accessing posts into performing unauthorized actions through functions, and is not a very serious risk for the vast majority of site owners. Please follow the reference listed in this vulnerability record for instructions on how to update to the latest version of ACF that patches this issue and ensures accessibility to updates moving forward.

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 6.1.0
Advanced Custom Fields (ACF) 6.1.1
Advanced Custom Fields (ACF) 6.1.2
Advanced Custom Fields (ACF) 6.1.3
Advanced Custom Fields (ACF) 6.1.4
Advanced Custom Fields (ACF) 6.1.5
Advanced Custom Fields (ACF) 6.1.6
Advanced Custom Fields (ACF) 6.1.7
Advanced Custom Fields (ACF) 6.1.8
Advanced Custom Fields (ACF) 6.2.0
Advanced Custom Fields (ACF) 6.2.1
Advanced Custom Fields (ACF) 6.2.2
Advanced Custom Fields (ACF) 6.2.3
Advanced Custom Fields (ACF) 6.2.4
Advanced Custom Fields (ACF) 6.2.5
Advanced Custom Fields (ACF) 6.2.6
Advanced Custom Fields (ACF) 6.2.6.1
Advanced Custom Fields (ACF) 6.2.7
Advanced Custom Fields (ACF) 6.2.8
Advanced Custom Fields (ACF) 6.2.9
Advanced Custom Fields (ACF) 6.3.0
Advanced Custom Fields (ACF) 6.3.1
Advanced Custom Fields (ACF) 6.3.2
Advanced Custom Fields (ACF) 6.3.3
Advanced Custom Fields (ACF) 6.3.4
Advanced Custom Fields (ACF) 6.3.5
Advanced Custom Fields (ACF) 6.3.6
Advanced Custom Fields (ACF) 6.3.6.1
Advanced Custom Fields (ACF) 6.3.6.2

Escaping field labels

Skrevet den 10. december 2024 af i Advanced Custom Fields (ACF)

Field labels are now correctly escaped when rendered in the Field Group editor, to prevent a potential XSS issue.

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 6.3.4
Advanced Custom Fields (ACF) 6.3.5

Incorrect permissions when accessing posts using ACF shortcode

Skrevet den 10. december 202418. oktober 2025 af i Advanced Custom Fields (ACF)

Current implementation allows the acf shortcode to access different fields in posts that are not public when you access it form a different post.

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 6.0.3
Advanced Custom Fields (ACF) 6.0.4
Advanced Custom Fields (ACF) 6.0.5
Advanced Custom Fields (ACF) 6.0.6
Advanced Custom Fields (ACF) 6.0.7
Advanced Custom Fields (ACF) 6.1.0
Advanced Custom Fields (ACF) 6.1.1
Advanced Custom Fields (ACF) 6.1.2
Advanced Custom Fields (ACF) 6.1.3
Advanced Custom Fields (ACF) 6.1.4
Advanced Custom Fields (ACF) 6.1.5
Advanced Custom Fields (ACF) 6.1.6
Advanced Custom Fields (ACF) 6.1.7
Advanced Custom Fields (ACF) 6.1.8
Advanced Custom Fields (ACF) 6.2.0
Advanced Custom Fields (ACF) 6.2.1
Advanced Custom Fields (ACF) 6.2.2
Advanced Custom Fields (ACF) 6.2.3
Advanced Custom Fields (ACF) 6.2.4
Advanced Custom Fields (ACF) 6.2.5
Advanced Custom Fields (ACF) 6.2.6
Advanced Custom Fields (ACF) 6.2.6.1
Advanced Custom Fields (ACF) 6.2.7
Advanced Custom Fields (ACF) 6.2.8
Advanced Custom Fields (ACF) 6.2.9
Advanced Custom Fields (ACF) 6.3.0
Advanced Custom Fields (ACF) 6.3.1
Advanced Custom Fields (ACF) 6.3.2
Advanced Custom Fields (ACF) 6.3.3

Drupal – gadget chain PHP object injection

Skrevet den 3. december 2024 af i Drupal

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56
Drupal 7.57
Drupal 7.58
Drupal 7.59
Drupal 7.60
Drupal 7.61
Drupal 7.62
Drupal 7.63
Drupal 7.64
Drupal 7.65
Drupal 7.66
Drupal 7.67
Drupal 7.68
Drupal 7.69
Drupal 7.70
Drupal 7.71
Drupal 7.72
Drupal 7.73
Drupal 7.74
Drupal 7.75
Drupal 7.76
Drupal 7.77
Drupal 7.78
Drupal 7.79
Drupal 7.80
Drupal 7.81
Drupal 7.82
Drupal 7.83
Drupal 7.84
Drupal 7.85
Drupal 7.86
Drupal 7.87
Drupal 7.88
Drupal 7.89
Drupal 7.90
Drupal 7.91
Drupal 7.92
Drupal 7.93
Drupal 7.94
Drupal 7.95
Drupal 7.96
Drupal 7.97
Drupal 7.98
Drupal 7.99
Drupal 7.100
Drupal 7.101

Moderately critical – Cross Site Scripting

Skrevet den 27. november 202418. oktober 2025 af i Drupal

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized.

This vulnerability affects the following application versions:

Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7

Drupal core – Critical – Cross Site Scripting

Skrevet den 27. november 2024 af i Drupal

Drupal 7 core’s Overlay module doesn’t safely handle user input, leading to reflected cross-site scripting under certain circumstances.

Only sites with the Overlay module enabled are affected by this vulnerability.

This vulnerability affects the following application versions:

Drupal 7.0
Drupal 7.1
Drupal 7.2
Drupal 7.3
Drupal 7.4
Drupal 7.5
Drupal 7.6
Drupal 7.7
Drupal 7.8
Drupal 7.9
Drupal 7.10
Drupal 7.11
Drupal 7.12
Drupal 7.13
Drupal 7.14
Drupal 7.15
Drupal 7.16
Drupal 7.17
Drupal 7.18
Drupal 7.19
Drupal 7.20
Drupal 7.21
Drupal 7.22
Drupal 7.23
Drupal 7.24
Drupal 7.25
Drupal 7.26
Drupal 7.27
Drupal 7.28
Drupal 7.29
Drupal 7.30
Drupal 7.31
Drupal 7.32
Drupal 7.33
Drupal 7.34
Drupal 7.35
Drupal 7.36
Drupal 7.37
Drupal 7.38
Drupal 7.39
Drupal 7.40
Drupal 7.41
Drupal 7.42
Drupal 7.43
Drupal 7.44
Drupal 7.50
Drupal 7.51
Drupal 7.52
Drupal 7.53
Drupal 7.54
Drupal 7.55
Drupal 7.56
Drupal 7.57
Drupal 7.58
Drupal 7.59
Drupal 7.60
Drupal 7.61
Drupal 7.62
Drupal 7.63
Drupal 7.64
Drupal 7.65
Drupal 7.66
Drupal 7.67
Drupal 7.68
Drupal 7.69
Drupal 7.70
Drupal 7.71
Drupal 7.72
Drupal 7.73
Drupal 7.74
Drupal 7.75
Drupal 7.76
Drupal 7.77
Drupal 7.78
Drupal 7.79
Drupal 7.80
Drupal 7.81
Drupal 7.82
Drupal 7.83
Drupal 7.84
Drupal 7.85
Drupal 7.86
Drupal 7.87
Drupal 7.88
Drupal 7.89
Drupal 7.90
Drupal 7.91
Drupal 7.92
Drupal 7.93
Drupal 7.94
Drupal 7.95
Drupal 7.96
Drupal 7.97
Drupal 7.98
Drupal 7.99
Drupal 7.100
Drupal 7.101

Drupal core – moderately critical – Gadget chain

Skrevet den 27. november 2024 af i Drupal

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8

Drupal core – Gadget Chain – ViewExecutable

Skrevet den 27. november 2024 af i Drupal

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable. SA-CORE-2024-007

This vulnerability affects the following application versions:

Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7

Less critical – Gadget chain

Skrevet den 27. november 202418. oktober 2025 af i Drupal

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.

This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

This vulnerability affects the following application versions:

Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7

Access bypass

Skrevet den 27. november 2024 af i Drupal

Drupal’s uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation.

As a result, a user may be able to register with the same email address as another user.

This may lead to data integrity issues.

This vulnerability affects the following application versions:

Drupal 8.0.0
Drupal 8.0.1
Drupal 8.0.2
Drupal 8.0.3
Drupal 8.0.4
Drupal 8.0.5
Drupal 8.0.6
Drupal 8.1.0
Drupal 8.1.1
Drupal 8.1.2
Drupal 8.1.3
Drupal 8.1.4
Drupal 8.1.5
Drupal 8.1.6
Drupal 8.1.7
Drupal 8.1.8
Drupal 8.1.9
Drupal 8.1.10
Drupal 8.2.0
Drupal 8.2.1
Drupal 8.2.2
Drupal 8.2.3
Drupal 8.2.4
Drupal 8.2.5
Drupal 8.2.6
Drupal 8.2.7
Drupal 8.2.8
Drupal 8.3.0
Drupal 8.3.1
Drupal 8.3.2
Drupal 8.3.3
Drupal 8.3.4
Drupal 8.3.5
Drupal 8.3.6
Drupal 8.3.7
Drupal 8.3.8
Drupal 8.3.9
Drupal 8.4.0
Drupal 8.4.1
Drupal 8.4.2
Drupal 8.4.3
Drupal 8.4.4
Drupal 8.4.5
Drupal 8.4.6
Drupal 8.4.7
Drupal 8.4.8
Drupal 8.5.0
Drupal 8.5.1
Drupal 8.5.2
Drupal 8.5.3
Drupal 8.5.4
Drupal 8.5.5
Drupal 8.5.6
Drupal 8.5.7
Drupal 8.5.8
Drupal 8.5.9
Drupal 8.5.10
Drupal 8.5.11
Drupal 8.5.12
Drupal 8.5.13
Drupal 8.5.14
Drupal 8.5.15
Drupal 8.6.0
Drupal 8.6.1
Drupal 8.6.2
Drupal 8.6.3
Drupal 8.6.4
Drupal 8.6.5
Drupal 8.6.6
Drupal 8.6.7
Drupal 8.6.8
Drupal 8.6.9
Drupal 8.6.10
Drupal 8.6.11
Drupal 8.6.12
Drupal 8.6.13
Drupal 8.6.14
Drupal 8.6.15
Drupal 8.6.16
Drupal 8.6.17
Drupal 8.6.18
Drupal 8.7.0
Drupal 8.7.1
Drupal 8.7.2
Drupal 8.7.3
Drupal 8.7.4
Drupal 8.7.5
Drupal 8.7.6
Drupal 8.7.7
Drupal 8.7.8
Drupal 8.7.9
Drupal 8.7.10
Drupal 8.7.11
Drupal 8.7.12
Drupal 8.7.13
Drupal 8.7.14
Drupal 8.8.0
Drupal 8.8.1
Drupal 8.8.2
Drupal 8.8.3
Drupal 8.8.4
Drupal 8.8.5
Drupal 8.8.6
Drupal 8.8.7
Drupal 8.8.8
Drupal 8.8.9
Drupal 8.8.10
Drupal 8.8.11
Drupal 8.8.12
Drupal 8.9.0
Drupal 8.9.1
Drupal 8.9.2
Drupal 8.9.3
Drupal 8.9.4
Drupal 8.9.5
Drupal 8.9.6
Drupal 8.9.7
Drupal 8.9.8
Drupal 8.9.9
Drupal 8.9.10
Drupal 8.9.11
Drupal 8.9.12
Drupal 8.9.13
Drupal 8.9.14
Drupal 8.9.15
Drupal 8.9.16
Drupal 8.9.17
Drupal 8.9.18
Drupal 8.9.19
Drupal 8.9.20
Drupal 9.0.0
Drupal 9.0.1
Drupal 9.0.2
Drupal 9.0.3
Drupal 9.0.4
Drupal 9.0.5
Drupal 9.0.6
Drupal 9.0.7
Drupal 9.0.8
Drupal 9.0.9
Drupal 9.0.10
Drupal 9.0.11
Drupal 9.0.12
Drupal 9.0.13
Drupal 9.0.14
Drupal 9.1.0
Drupal 9.1.1
Drupal 9.1.2
Drupal 9.1.3
Drupal 9.1.4
Drupal 9.1.5
Drupal 9.1.6
Drupal 9.1.7
Drupal 9.1.8
Drupal 9.1.9
Drupal 9.1.10
Drupal 9.1.11
Drupal 9.1.12
Drupal 9.1.13
Drupal 9.1.14
Drupal 9.1.15
Drupal 9.2.0
Drupal 9.2.1
Drupal 9.2.2
Drupal 9.2.3
Drupal 9.2.4
Drupal 9.2.5
Drupal 9.2.6
Drupal 9.2.7
Drupal 9.2.8
Drupal 9.2.9
Drupal 9.2.10
Drupal 9.2.11
Drupal 9.2.12
Drupal 9.2.13
Drupal 9.2.14
Drupal 9.2.15
Drupal 9.2.16
Drupal 9.2.17
Drupal 9.2.18
Drupal 9.2.19
Drupal 9.2.20
Drupal 9.2.21
Drupal 9.3.0
Drupal 9.3.1
Drupal 9.3.2
Drupal 9.3.3
Drupal 9.3.4
Drupal 9.3.5
Drupal 9.3.6
Drupal 9.3.7
Drupal 9.3.8
Drupal 9.3.9
Drupal 9.3.10
Drupal 9.3.11
Drupal 9.3.12
Drupal 9.3.13
Drupal 9.3.14
Drupal 9.3.15
Drupal 9.3.16
Drupal 9.3.17
Drupal 9.3.18
Drupal 9.3.19
Drupal 9.3.20
Drupal 9.3.21
Drupal 9.3.22
Drupal 9.4.0
Drupal 9.4.1
Drupal 9.4.2
Drupal 9.4.3
Drupal 9.4.4
Drupal 9.4.5
Drupal 9.4.6
Drupal 9.4.7
Drupal 9.4.8
Drupal 9.4.9
Drupal 9.4.10
Drupal 9.4.11
Drupal 9.4.12
Drupal 9.4.13
Drupal 9.4.14
Drupal 9.4.15
Drupal 9.5.0
Drupal 9.5.1
Drupal 9.5.2
Drupal 9.5.3
Drupal 9.5.4
Drupal 9.5.5
Drupal 9.5.6
Drupal 9.5.7
Drupal 9.5.8
Drupal 9.5.9
Drupal 9.5.10
Drupal 9.5.11
Drupal 10.0.0
Drupal 10.0.1
Drupal 10.0.2
Drupal 10.0.3
Drupal 10.0.4
Drupal 10.0.5
Drupal 10.0.6
Drupal 10.0.7
Drupal 10.0.8
Drupal 10.0.9
Drupal 10.0.10
Drupal 10.0.11
Drupal 10.1.0
Drupal 10.1.1
Drupal 10.1.2
Drupal 10.1.3
Drupal 10.1.4
Drupal 10.1.5
Drupal 10.1.6
Drupal 10.1.7
Drupal 10.1.8
Drupal 10.2.0
Drupal 10.2.1
Drupal 10.2.2
Drupal 10.2.3
Drupal 10.2.4
Drupal 10.2.5
Drupal 10.2.6
Drupal 10.2.7
Drupal 10.2.8
Drupal 10.2.9
Drupal 10.2.10
Drupal 10.3.0
Drupal 10.3.1
Drupal 10.3.2
Drupal 10.3.3
Drupal 10.3.4
Drupal 10.3.5
Drupal 10.3.6
Drupal 10.3.7
Drupal 10.3.8
Drupal 11.0.0
Drupal 11.0.1
Drupal 11.0.2
Drupal 11.0.3
Drupal 11.0.4
Drupal 11.0.5
Drupal 11.0.6
Drupal 11.0.7

XSS attack in Insert headers and footers in the icons

Skrevet den 25. november 202418. oktober 2025 af i WPCode – Insert Headers and Footers

The icons’s height and width of the headers and footers are not properly escaped to prevent an XSS attack.

This vulnerability affects the following application versions:

WPCode – Insert Headers and Footers 2.0.0
WPCode – Insert Headers and Footers 2.0.1
WPCode – Insert Headers and Footers 2.0.2
WPCode – Insert Headers and Footers 2.0.3
WPCode – Insert Headers and Footers 2.0.4
WPCode – Insert Headers and Footers 2.0.4.1
WPCode – Insert Headers and Footers 2.0.4.2
WPCode – Insert Headers and Footers 2.0.4.3
WPCode – Insert Headers and Footers 2.0.4.4
WPCode – Insert Headers and Footers 2.0.5
WPCode – Insert Headers and Footers 2.0.6
WPCode – Insert Headers and Footers 2.0.7
WPCode – Insert Headers and Footers 2.0.8
WPCode – Insert Headers and Footers 2.0.8.1
WPCode – Insert Headers and Footers 2.0.9
WPCode – Insert Headers and Footers 2.0.10
WPCode – Insert Headers and Footers 2.0.11
WPCode – Insert Headers and Footers 2.0.12
WPCode – Insert Headers and Footers 2.0.13
WPCode – Insert Headers and Footers 2.0.13.1
WPCode – Insert Headers and Footers 2.1.0
WPCode – Insert Headers and Footers 2.1.1
WPCode – Insert Headers and Footers 2.1.2
WPCode – Insert Headers and Footers 2.1.3
WPCode – Insert Headers and Footers 2.1.3.1
WPCode – Insert Headers and Footers 2.1.4
WPCode – Insert Headers and Footers 2.1.4.1
WPCode – Insert Headers and Footers 2.1.5
WPCode – Insert Headers and Footers 2.1.6
WPCode – Insert Headers and Footers 2.1.7
WPCode – Insert Headers and Footers 2.1.8

XSS injection in Metabox Row

Skrevet den 25. november 202418. oktober 2025 af i WPCode – Insert Headers and Footers

Cross Site Scripting vector available when user-provided data is directly inserted into HTML attributes without sanitization or escaping .

This vulnerability affects the following application versions:

WPCode – Insert Headers and Footers 2.0.0
WPCode – Insert Headers and Footers 2.0.1
WPCode – Insert Headers and Footers 2.0.2
WPCode – Insert Headers and Footers 2.0.3
WPCode – Insert Headers and Footers 2.0.4
WPCode – Insert Headers and Footers 2.0.4.1
WPCode – Insert Headers and Footers 2.0.4.2
WPCode – Insert Headers and Footers 2.0.4.3
WPCode – Insert Headers and Footers 2.0.4.4
WPCode – Insert Headers and Footers 2.0.5
WPCode – Insert Headers and Footers 2.0.6
WPCode – Insert Headers and Footers 2.0.7
WPCode – Insert Headers and Footers 2.0.8
WPCode – Insert Headers and Footers 2.0.8.1
WPCode – Insert Headers and Footers 2.0.9
WPCode – Insert Headers and Footers 2.0.10
WPCode – Insert Headers and Footers 2.0.11
WPCode – Insert Headers and Footers 2.0.12
WPCode – Insert Headers and Footers 2.0.13
WPCode – Insert Headers and Footers 2.0.13.1
WPCode – Insert Headers and Footers 2.1.0
WPCode – Insert Headers and Footers 2.1.1
WPCode – Insert Headers and Footers 2.1.2
WPCode – Insert Headers and Footers 2.1.3
WPCode – Insert Headers and Footers 2.1.3.1
WPCode – Insert Headers and Footers 2.1.4
WPCode – Insert Headers and Footers 2.1.4.1
WPCode – Insert Headers and Footers 2.1.5
WPCode – Insert Headers and Footers 2.1.6
WPCode – Insert Headers and Footers 2.1.7
WPCode – Insert Headers and Footers 2.1.8
WPCode – Insert Headers and Footers 2.1.9
WPCode – Insert Headers and Footers 2.1.10

XSS in tooltip of advanced custom field

Skrevet den 25. november 202418. oktober 2025 af i Advanced Custom Fields (ACF)

The instruction for the helper/tooltip are not properly escaped to prevent an XSS attack.

This vulnerability affects the following application versions:

Advanced Custom Fields (ACF) 6.0.0
Advanced Custom Fields (ACF) 6.0.1
Advanced Custom Fields (ACF) 6.0.2
Advanced Custom Fields (ACF) 6.0.3
Advanced Custom Fields (ACF) 6.0.4
Advanced Custom Fields (ACF) 6.0.5
Advanced Custom Fields (ACF) 6.0.6
Advanced Custom Fields (ACF) 6.0.7
Advanced Custom Fields (ACF) 6.1.0
Advanced Custom Fields (ACF) 6.1.1
Advanced Custom Fields (ACF) 6.1.2
Advanced Custom Fields (ACF) 6.1.3
Advanced Custom Fields (ACF) 6.1.4
Advanced Custom Fields (ACF) 6.1.5
Advanced Custom Fields (ACF) 6.1.6
Advanced Custom Fields (ACF) 6.1.7
Advanced Custom Fields (ACF) 6.1.8
Advanced Custom Fields (ACF) 6.2.0
Advanced Custom Fields (ACF) 6.2.1
Advanced Custom Fields (ACF) 6.2.2
Advanced Custom Fields (ACF) 6.2.3
Advanced Custom Fields (ACF) 6.2.4
Advanced Custom Fields (ACF) 6.2.5
Advanced Custom Fields (ACF) 6.2.6
Advanced Custom Fields (ACF) 6.2.6.1
Advanced Custom Fields (ACF) 6.2.7
Advanced Custom Fields (ACF) 6.2.8
Advanced Custom Fields (ACF) 6.2.9
Advanced Custom Fields (ACF) 6.3.0
Advanced Custom Fields (ACF) 6.3.1

XSS in the auto insert site wide

Skrevet den 25. november 202418. oktober 2025 af i WPCode – Insert Headers and Footers

Security improvement to prevent XSS attacks by escaping the output.

This vulnerability affects the following application versions:

WPCode – Insert Headers and Footers 2.0.0
WPCode – Insert Headers and Footers 2.0.1
WPCode – Insert Headers and Footers 2.0.2
WPCode – Insert Headers and Footers 2.0.3
WPCode – Insert Headers and Footers 2.0.4
WPCode – Insert Headers and Footers 2.0.4.1
WPCode – Insert Headers and Footers 2.0.4.2
WPCode – Insert Headers and Footers 2.0.4.3
WPCode – Insert Headers and Footers 2.0.4.4
WPCode – Insert Headers and Footers 2.0.5
WPCode – Insert Headers and Footers 2.0.6
WPCode – Insert Headers and Footers 2.0.7
WPCode – Insert Headers and Footers 2.0.8
WPCode – Insert Headers and Footers 2.0.8.1
WPCode – Insert Headers and Footers 2.0.9
WPCode – Insert Headers and Footers 2.0.10
WPCode – Insert Headers and Footers 2.0.11
WPCode – Insert Headers and Footers 2.0.12
WPCode – Insert Headers and Footers 2.0.13
WPCode – Insert Headers and Footers 2.0.13.1
WPCode – Insert Headers and Footers 2.1.0
WPCode – Insert Headers and Footers 2.1.1
WPCode – Insert Headers and Footers 2.1.2
WPCode – Insert Headers and Footers 2.1.3
WPCode – Insert Headers and Footers 2.1.3.1
WPCode – Insert Headers and Footers 2.1.4
WPCode – Insert Headers and Footers 2.1.4.1
WPCode – Insert Headers and Footers 2.1.5
WPCode – Insert Headers and Footers 2.1.6
WPCode – Insert Headers and Footers 2.1.7
WPCode – Insert Headers and Footers 2.1.8
WPCode – Insert Headers and Footers 2.1.9
WPCode – Insert Headers and Footers 2.1.10
WPCode – Insert Headers and Footers 2.1.11
WPCode – Insert Headers and Footers 2.1.12

Authenticated (Admin+) Stored Cross-Site Scripting

Skrevet den 25. november 202411. juni 2025 af i Cookie Notice & Compliance for GDPR / CCPA

Due to insufficient input sanitization and output escaping, makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

This vulnerability affects the following application versions: