Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    198 vulnerabilities by wpdevteam

    CVE-2026-10833 (GCVE-0-2026-10833)

    Vulnerability from nvd – Published: 2026-06-25 03:42 – Updated: 2026-06-25 12:27
    VLAI
    Title
    Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block Attribute
    Summary
    The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Viet Anh Ngo
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:27:30.981466Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:27:38.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Viet Anh Ngo"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027configurablePrefix\u0027 Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T03:42:20.497Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0efe8bbd-c1c9-48ed-adab-34c0ac3da8bf?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.4/includes/Blocks/TableOfContents.php#L245"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.4/includes/Blocks/TableOfContents.php#L425"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.4/src/blocks/table-of-contents/src/frontend.js#L448"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-14T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-06-04T10:44:41.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-24T14:50:31.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks \u0026 Patterns \u003c= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027configurablePrefix\u0027 Block Attribute"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-10833",
        "datePublished": "2026-06-25T03:42:20.497Z",
        "dateReserved": "2026-06-04T10:27:28.810Z",
        "dateUpdated": "2026-06-25T12:27:38.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12157 (GCVE-0-2026-12157)

    Vulnerability from nvd – Published: 2026-06-19 04:31 – Updated: 2026-06-22 12:52
    VLAI
    Title
    BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute
    Summary
    The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient input sanitization and output escaping in the CategorySlateLayout::render() method, which echoes the blockId block attribute directly into an HTML class attribute without esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Smidi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T12:51:49.932223Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T12:52:02.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BetterDocs \u2013  AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Smidi"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The BetterDocs - Knowledge Base Docs \u0026 FAQ Solution for Elementor \u0026 Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient input sanitization and output escaping in the CategorySlateLayout::render() method, which echoes the blockId block attribute directly into an HTML class attribute without esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T04:31:32.712Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81f61ef0-b3c7-4c69-bd18-5e5f0ea09abc?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.5.3/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L97"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.5.3/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L66"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.12/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L97"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.12/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L66"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3576713%40betterdocs\u0026new=3576713%40betterdocs\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-12T18:42:50.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-18T15:43:58.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "BetterDocs \u003c= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027blockId\u0027 Block Attribute"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-12157",
        "datePublished": "2026-06-19T04:31:32.712Z",
        "dateReserved": "2026-06-12T18:27:41.912Z",
        "dateUpdated": "2026-06-22T12:52:02.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7796 (GCVE-0-2026-7796)

    Vulnerability from nvd – Published: 2026-06-06 02:28 – Updated: 2026-06-06 11:47
    VLAI
    Title
    EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute
    Summary
    The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Credits
    Jangwoo Choi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7796",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-06T11:38:26.227503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-06T11:47:40.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EmbedPress \u2013 PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds \u0026 more",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jangwoo Choi"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The EmbedPress \u2013 PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds \u0026 more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block \u0027url\u0027 attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T02:28:36.449Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0b5b6bc-5f4f-4cf8-987e-b20e8354d863?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/trunk/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L1181"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.5.1/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L1181"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/trunk/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L133"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.5.1/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L133"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/trunk/EmbedPress/Includes/Classes/Helper.php#L1659"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.5.1/EmbedPress/Includes/Classes/Helper.php#L1659"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.4.11/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L1181"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.4.11/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L133"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.4.11/EmbedPress/Includes/Classes/Helper.php#L1659"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3546981%40embedpress\u0026new=3546981%40embedpress\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-04T19:23:19.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-05T14:17:32.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "EmbedPress \u003c= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block \u0027url\u0027 Attribute"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-7796",
        "datePublished": "2026-06-06T02:28:36.449Z",
        "dateReserved": "2026-05-04T19:08:09.496Z",
        "dateUpdated": "2026-06-06T11:47:40.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7665 (GCVE-0-2026-7665)

    Vulnerability from nvd – Published: 2026-06-06 02:28 – Updated: 2026-06-06 11:47
    VLAI
    Title
    Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler
    Summary
    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_more function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Credits
    Anirudh Makkar
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7665",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-06T11:38:20.678625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-06T11:47:54.832Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anirudh Makkar"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_more function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T02:28:36.091Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/861ece65-bee7-4124-b1a8-de9fb0c1cbc7?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L292"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L292"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L1601"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L1601"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L106"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L106"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L197"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L197"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L292"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L1601"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L106"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L197"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3541534%40essential-addons-for-elementor-lite\u0026new=3541534%40essential-addons-for-elementor-lite\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-01T20:05:03.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-05T14:25:47.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Essential Addons for Elementor \u003c= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via \u0027load_more\u0027 AJAX Handler"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-7665",
        "datePublished": "2026-06-06T02:28:36.091Z",
        "dateReserved": "2026-05-01T19:49:55.131Z",
        "dateUpdated": "2026-06-06T11:47:54.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10586 (GCVE-0-2026-10586)

    Vulnerability from nvd – Published: 2026-06-04 23:28 – Updated: 2026-06-12 16:08
    VLAI
    Title
    Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery
    Summary
    The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Credits
    Shambles
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10586",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T16:08:33.293428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T16:08:43.717Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shambles"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T23:28:52.002Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08906577-162c-4875-b16c-18d4912c2611?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.3/includes/Integrations/AI/AI.php#L171"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-02T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-06-01T19:42:41.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-04T10:40:13.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns \u003c= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-10586",
        "datePublished": "2026-06-04T23:28:52.002Z",
        "dateReserved": "2026-06-01T19:26:38.526Z",
        "dateUpdated": "2026-06-12T16:08:43.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5193 (GCVE-0-2026-5193)

    Vulnerability from nvd – Published: 2026-05-14 06:44 – Updated: 2026-05-14 10:45
    VLAI
    Title
    Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user
    Summary
    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Credits
    Athiwat Tiprasaharn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5193",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T10:40:16.446816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T10:45:23.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the \u0027register_user\u0027 function, which only blocks the \u0027administrator\u0027 role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T06:44:10.076Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22930940-8e2c-446a-954c-90d617f3ca6d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3499726/essential-addons-for-elementor-lite/trunk/includes/Traits/Login_Registration.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-23T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-03-30T21:34:47.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-05-13T18:07:43.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets \u003c= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-5193",
        "datePublished": "2026-05-14T06:44:10.076Z",
        "dateReserved": "2026-03-30T21:18:50.734Z",
        "dateUpdated": "2026-05-14T10:45:23.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4658 (GCVE-0-2026-4658)

    Vulnerability from nvd – Published: 2026-05-02 04:27 – Updated: 2026-05-04 16:03
    VLAI
    Title
    Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
    Summary
    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block (essential-blocks/add-to-cart) in all versions up to, and including, 6.0.4. This is due to insufficient output escaping in the render_callback() function where these attributes are placed into class and data-id HTML attributes using raw sprintf() and implode() without esc_attr() escaping. While the outer wrapper div uses get_block_wrapper_attributes() which properly escapes, the inner divs do not. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Jack Pas darkestmode
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T16:01:40.831167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T16:03:39.376Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jack Pas"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "darkestmode"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns \u0026 Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block (essential-blocks/add-to-cart) in all versions up to, and including, 6.0.4. This is due to insufficient output escaping in the render_callback() function where these attributes are placed into class and data-id HTML attributes using raw sprintf() and implode() without esc_attr() escaping. While the outer wrapper div uses get_block_wrapper_attributes() which properly escapes, the inner divs do not. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-02T04:27:44.707Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e7eed9d-2d44-4951-b66b-7d8995ca617d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/Blocks/AddToCart.php#L118"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.0.4/includes/Blocks/AddToCart.php#L118"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/Blocks/AddToCart.php#L120"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.0.4/includes/Blocks/AddToCart.php#L120"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/Blocks/AddToCart.php#L65"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.0.4/includes/Blocks/AddToCart.php#L65"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/Blocks/AddToCart.php#L66"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.0.4/includes/Blocks/AddToCart.php#L66"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3516287%40essential-blocks%2Ftags%2F6.1.0%2Fincludes%2FBlocks%2FAddToCart.php\u0026old=3178777%40essential-blocks%2Ftrunk%2Fincludes%2FBlocks%2FAddToCart.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-23T15:53:08.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-05-01T16:12:21.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Gutenberg Essential Blocks \u003c= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-4658",
        "datePublished": "2026-05-02T04:27:44.707Z",
        "dateReserved": "2026-03-23T15:37:56.964Z",
        "dateUpdated": "2026-05-04T16:03:39.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6393 (GCVE-0-2026-6393)

    Vulnerability from nvd – Published: 2026-04-24 03:27 – Updated: 2026-04-24 10:46
    VLAI
    Title
    BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage
    Summary
    The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relies solely on a nonce rather than verifying user permissions. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger OpenAI API calls using the site's configured API key with arbitrary user-controlled prompts, leading to unauthorized consumption of the site owner's paid AI API quota.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Phú
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-24T10:46:06.950400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-24T10:46:24.083Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BetterDocs \u2013  Knowledge Base Docs \u0026 FAQ Solution for Elementor \u0026 Block Editor",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ph\u00fa"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relies solely on a nonce rather than verifying user permissions. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger OpenAI API calls using the site\u0027s configured API key with arbitrary user-controlled prompts, leading to unauthorized consumption of the site owner\u0027s paid AI API quota."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-24T03:27:05.541Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/432b11be-174d-45d6-aa3b-2fbfa85ec17a?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/trunk/includes/Core/WriteWithAI.php#L138"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.6/includes/Core/WriteWithAI.php#L138"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/trunk/includes/Core/WriteWithAI.php#L31"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.6/includes/Core/WriteWithAI.php#L31"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3512640%40betterdocs\u0026new=3512640%40betterdocs\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-15T20:23:25.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-04-23T14:45:35.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "BetterDocs \u003c= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-6393",
        "datePublished": "2026-04-24T03:27:05.541Z",
        "dateReserved": "2026-04-15T20:07:58.184Z",
        "dateUpdated": "2026-04-24T10:46:24.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3875 (GCVE-0-2026-3875)

    Vulnerability from nvd – Published: 2026-04-16 06:44 – Updated: 2026-04-16 13:41
    VLAI
    Title
    BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
    Summary
    The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Muhammad Yudha - DJ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3875",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T13:41:16.621075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T13:41:59.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BetterDocs \u2013  Knowledge Base Docs \u0026 FAQ Solution for Elementor \u0026 Block Editor",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhammad Yudha - DJ"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027betterdocs_feedback_form\u0027 shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T06:44:51.744Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b7e4c3c-a12e-4b11-9673-79a7060052a8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?old_path=betterdocs/tags/4.3.8/views/shortcodes/feedback-form.php\u0026new_path=betterdocs/tags/4.3.9/views/shortcodes/feedback-form.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-26T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-03-10T10:53:09.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-04-15T18:25:01.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "BetterDocs \u003c= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-3875",
        "datePublished": "2026-04-16T06:44:51.744Z",
        "dateReserved": "2026-03-10T10:33:26.535Z",
        "dateUpdated": "2026-04-16T13:41:59.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1512 (GCVE-0-2026-1512)

    Vulnerability from nvd – Published: 2026-02-14 09:49 – Updated: 2026-04-08 17:26
    VLAI
    Title
    Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget
    Summary
    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    knani alaaeddine
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T15:36:22.204741Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T15:44:02.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "knani alaaeddine"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:26:18.987Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d652f383-ca3d-440e-a30f-64a50efd65e1?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3456806/essential-addons-for-elementor-lite/tags/6.5.10/includes/Elements/Info_Box.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-27T23:14:09.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-02-13T21:37:33.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Essential Addons for Elementor \u003c= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-1512",
        "datePublished": "2026-02-14T09:49:39.256Z",
        "dateReserved": "2026-01-27T22:58:33.198Z",
        "dateUpdated": "2026-04-08T17:26:18.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0554 (GCVE-0-2026-0554)

    Vulnerability from nvd – Published: 2026-01-20 14:26 – Updated: 2026-04-08 17:29
    VLAI
    Title
    NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset
    Summary
    The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset analytics for any NotificationX campaign, regardless of ownership.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Credits
    Dmitrii Ignatyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0554",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-20T14:46:11.424620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-20T14:47:07.305Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NotificationX \u2013 FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner \u0026 Floating Notification Bar",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "3.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027regenerate\u0027 and \u0027reset\u0027 REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset analytics for any NotificationX campaign, regardless of ownership."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:29:28.505Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3cd843b-ab38-45c4-a661-78d4e6db5201?source=cve"
            },
            {
              "url": "https://research.cleantalk.org/cve-2026-0554"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3433555%40notificationx\u0026old=3426659%40notificationx\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-24T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-01-01T20:48:34.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-20T01:50:24.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "NotificationX \u003c= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-0554",
        "datePublished": "2026-01-20T14:26:34.215Z",
        "dateReserved": "2026-01-01T20:31:15.582Z",
        "dateUpdated": "2026-04-08T17:29:28.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15380 (GCVE-0-2025-15380)

    Vulnerability from nvd – Published: 2026-01-20 14:26 – Updated: 2026-04-08 17:11
    VLAI
    Title
    NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview'
    Summary
    The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. This is due to insufficient input sanitization and output escaping when processing preview data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute when a user visits a malicious page that auto-submits a form to the vulnerable site.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Credits
    Dmitrii Ignatyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-20T14:48:09.377792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-20T14:48:22.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NotificationX \u2013 FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner \u0026 Floating Notification Bar",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The NotificationX \u2013 FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner \u0026 Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the \u0027nx-preview\u0027 POST parameter in all versions up to, and including, 3.2.0. This is due to insufficient input sanitization and output escaping when processing preview data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute when a user visits a malicious page that auto-submits a form to the vulnerable site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:11:27.627Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ca12315-380b-4251-b637-4e9d29df35e0?source=cve"
            },
            {
              "url": "https://research.cleantalk.org/cve-2025-15380/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3433555%40notificationx\u0026old=3426659%40notificationx\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-23T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-12-30T22:14:52.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-20T01:49:23.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "NotificationX \u003c= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via \u0027nx-preview\u0027"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-15380",
        "datePublished": "2026-01-20T14:26:33.859Z",
        "dateReserved": "2025-12-30T21:36:36.412Z",
        "dateUpdated": "2026-04-08T17:11:27.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1004 (GCVE-0-2026-1004)

    Vulnerability from nvd – Published: 2026-01-16 08:23 – Updated: 2026-04-08 16:33
    VLAI
    Title
    Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure
    Summary
    The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael_product_quickview_popup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for products with draft, pending, or private status, which should normally be restricted.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    shrikant bhosale
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T13:44:25.467607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T13:44:34.348Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "shrikant bhosale"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the \u0027eael_product_quickview_popup\u0027 function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for products with draft, pending, or private status, which should normally be restricted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:33:51.372Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06ef9a21-e2b9-40c7-9de5-cff175fa10a5?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L820"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L64"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L65"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L832"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L1439"
            },
            {
              "url": "https://github.com/WPDevelopers/essential-addons-for-elementor-lite/commit/4e43db06bcf12870cc3b185ed59b3fe2cd227945"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-05T20:59:27.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-15T20:04:09.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Essential Addons for Elementor \u003c= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-1004",
        "datePublished": "2026-01-16T08:23:37.542Z",
        "dateReserved": "2026-01-15T20:03:46.612Z",
        "dateUpdated": "2026-04-08T16:33:51.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0831 (GCVE-0-2026-0831)

    Vulnerability from nvd – Published: 2026-01-10 09:22 – Updated: 2026-04-08 17:01
    VLAI
    Title
    Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write
    Summary
    The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Credits
    M Indra Purnama
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T13:07:30.520778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T13:09:57.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Templately \u2013 Elementor \u0026 Gutenberg Template Library: 6500+ Free \u0026 Pro Ready Templates And Cloud!",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "M Indra Purnama"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:43.379Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/778242f4-5dfa-4d72-a032-8b5521c5b8ce?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/Core/Importer/Utils/AIUtils.php#L414"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/API/AIContent.php#L38"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3426051/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-19T23:25:34.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-09T20:32:57.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Templately \u003c= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-0831",
        "datePublished": "2026-01-10T09:22:18.126Z",
        "dateReserved": "2026-01-09T20:31:20.483Z",
        "dateUpdated": "2026-04-08T17:01:43.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14980 (GCVE-0-2025-14980)

    Vulnerability from nvd – Published: 2026-01-09 06:34 – Updated: 2026-04-08 16:36
    VLAI
    Title
    BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure
    Summary
    The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data including the OpenAI API key stored in plugin settings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Dmitrii Ignatyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T18:24:31.739287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T18:24:39.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BetterDocs \u2013  Knowledge Base Docs \u0026 FAQ Solution for Elementor \u0026 Block Editor",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data including the OpenAI API key stored in plugin settings."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:36:59.020Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1595f231-d300-484a-a0e1-1e2bc7b82ed3?source=cve"
            },
            {
              "url": "https://research.cleantalk.org/cve-2025-14980/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3430424%40betterdocs%2Ftags%2F4.3.4\u0026old=3422660%40betterdocs%2Ftrunk"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-18T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-12-19T16:46:46.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-08T17:52:33.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "BetterDocs \u003c= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-14980",
        "datePublished": "2026-01-09T06:34:52.906Z",
        "dateReserved": "2025-12-19T16:27:14.224Z",
        "dateUpdated": "2026-04-08T16:36:59.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10833 (GCVE-0-2026-10833)

    Vulnerability from cvelistv5 – Published: 2026-06-25 03:42 – Updated: 2026-06-25 12:27
    VLAI
    Title
    Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block Attribute
    Summary
    The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Viet Anh Ngo
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:27:30.981466Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:27:38.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Viet Anh Ngo"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027configurablePrefix\u0027 Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T03:42:20.497Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0efe8bbd-c1c9-48ed-adab-34c0ac3da8bf?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.4/includes/Blocks/TableOfContents.php#L245"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.4/includes/Blocks/TableOfContents.php#L425"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.4/src/blocks/table-of-contents/src/frontend.js#L448"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-14T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-06-04T10:44:41.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-24T14:50:31.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks \u0026 Patterns \u003c= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027configurablePrefix\u0027 Block Attribute"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-10833",
        "datePublished": "2026-06-25T03:42:20.497Z",
        "dateReserved": "2026-06-04T10:27:28.810Z",
        "dateUpdated": "2026-06-25T12:27:38.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12157 (GCVE-0-2026-12157)

    Vulnerability from cvelistv5 – Published: 2026-06-19 04:31 – Updated: 2026-06-22 12:52
    VLAI
    Title
    BetterDocs <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'blockId' Block Attribute
    Summary
    The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient input sanitization and output escaping in the CategorySlateLayout::render() method, which echoes the blockId block attribute directly into an HTML class attribute without esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Smidi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T12:51:49.932223Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T12:52:02.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BetterDocs \u2013  AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Smidi"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The BetterDocs - Knowledge Base Docs \u0026 FAQ Solution for Elementor \u0026 Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId attribute of the betterdocs/category-slate-layout Gutenberg block in versions up to, and including, 4.5.3. This is due to insufficient input sanitization and output escaping in the CategorySlateLayout::render() method, which echoes the blockId block attribute directly into an HTML class attribute without esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T04:31:32.712Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81f61ef0-b3c7-4c69-bd18-5e5f0ea09abc?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.5.3/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L97"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.5.3/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L66"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.12/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L97"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.12/includes/Editors/BlockEditor/Blocks/CategorySlateLayout.php#L66"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3576713%40betterdocs\u0026new=3576713%40betterdocs\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-12T18:42:50.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-18T15:43:58.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "BetterDocs \u003c= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027blockId\u0027 Block Attribute"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-12157",
        "datePublished": "2026-06-19T04:31:32.712Z",
        "dateReserved": "2026-06-12T18:27:41.912Z",
        "dateUpdated": "2026-06-22T12:52:02.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7796 (GCVE-0-2026-7796)

    Vulnerability from cvelistv5 – Published: 2026-06-06 02:28 – Updated: 2026-06-06 11:47
    VLAI
    Title
    EmbedPress <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block 'url' Attribute
    Summary
    The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Credits
    Jangwoo Choi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7796",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-06T11:38:26.227503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-06T11:47:40.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EmbedPress \u2013 PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds \u0026 more",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jangwoo Choi"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The EmbedPress \u2013 PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds \u0026 more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block \u0027url\u0027 attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T02:28:36.449Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0b5b6bc-5f4f-4cf8-987e-b20e8354d863?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/trunk/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L1181"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.5.1/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L1181"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/trunk/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L133"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.5.1/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L133"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/trunk/EmbedPress/Includes/Classes/Helper.php#L1659"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.5.1/EmbedPress/Includes/Classes/Helper.php#L1659"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.4.11/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L1181"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.4.11/EmbedPress/Gutenberg/EmbedPressBlockRenderer.php#L133"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/embedpress/tags/4.4.11/EmbedPress/Includes/Classes/Helper.php#L1659"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3546981%40embedpress\u0026new=3546981%40embedpress\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-04T19:23:19.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-05T14:17:32.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "EmbedPress \u003c= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block \u0027url\u0027 Attribute"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-7796",
        "datePublished": "2026-06-06T02:28:36.449Z",
        "dateReserved": "2026-05-04T19:08:09.496Z",
        "dateUpdated": "2026-06-06T11:47:40.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7665 (GCVE-0-2026-7665)

    Vulnerability from cvelistv5 – Published: 2026-06-06 02:28 – Updated: 2026-06-06 11:47
    VLAI
    Title
    Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler
    Summary
    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_more function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Credits
    Anirudh Makkar
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7665",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-06T11:38:20.678625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-06T11:47:54.832Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anirudh Makkar"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_more function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-06T02:28:36.091Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/861ece65-bee7-4124-b1a8-de9fb0c1cbc7?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L292"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L292"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L1601"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L1601"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L106"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L106"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L197"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L197"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L292"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L1601"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L106"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L197"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3541534%40essential-addons-for-elementor-lite\u0026new=3541534%40essential-addons-for-elementor-lite\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-01T20:05:03.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-05T14:25:47.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Essential Addons for Elementor \u003c= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via \u0027load_more\u0027 AJAX Handler"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-7665",
        "datePublished": "2026-06-06T02:28:36.091Z",
        "dateReserved": "2026-05-01T19:49:55.131Z",
        "dateUpdated": "2026-06-06T11:47:54.832Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10586 (GCVE-0-2026-10586)

    Vulnerability from cvelistv5 – Published: 2026-06-04 23:28 – Updated: 2026-06-12 16:08
    VLAI
    Title
    Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery
    Summary
    The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Credits
    Shambles
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10586",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T16:08:33.293428Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T16:08:43.717Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shambles"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-04T23:28:52.002Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08906577-162c-4875-b16c-18d4912c2611?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.1.3/includes/Integrations/AI/AI.php#L171"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-02T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-06-01T19:42:41.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-06-04T10:40:13.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns \u003c= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-10586",
        "datePublished": "2026-06-04T23:28:52.002Z",
        "dateReserved": "2026-06-01T19:26:38.526Z",
        "dateUpdated": "2026-06-12T16:08:43.717Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5193 (GCVE-0-2026-5193)

    Vulnerability from cvelistv5 – Published: 2026-05-14 06:44 – Updated: 2026-05-14 10:45
    VLAI
    Title
    Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user
    Summary
    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Credits
    Athiwat Tiprasaharn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5193",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T10:40:16.446816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T10:45:23.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the \u0027register_user\u0027 function, which only blocks the \u0027administrator\u0027 role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T06:44:10.076Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22930940-8e2c-446a-954c-90d617f3ca6d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3499726/essential-addons-for-elementor-lite/trunk/includes/Traits/Login_Registration.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-23T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-03-30T21:34:47.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-05-13T18:07:43.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets \u003c= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-5193",
        "datePublished": "2026-05-14T06:44:10.076Z",
        "dateReserved": "2026-03-30T21:18:50.734Z",
        "dateUpdated": "2026-05-14T10:45:23.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4658 (GCVE-0-2026-4658)

    Vulnerability from cvelistv5 – Published: 2026-05-02 04:27 – Updated: 2026-05-04 16:03
    VLAI
    Title
    Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
    Summary
    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block (essential-blocks/add-to-cart) in all versions up to, and including, 6.0.4. This is due to insufficient output escaping in the render_callback() function where these attributes are placed into class and data-id HTML attributes using raw sprintf() and implode() without esc_attr() escaping. While the outer wrapper div uses get_block_wrapper_attributes() which properly escapes, the inner divs do not. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Jack Pas darkestmode
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T16:01:40.831167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T16:03:39.376Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Blocks \u0026 Patterns",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jack Pas"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "darkestmode"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns \u0026 Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block (essential-blocks/add-to-cart) in all versions up to, and including, 6.0.4. This is due to insufficient output escaping in the render_callback() function where these attributes are placed into class and data-id HTML attributes using raw sprintf() and implode() without esc_attr() escaping. While the outer wrapper div uses get_block_wrapper_attributes() which properly escapes, the inner divs do not. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-02T04:27:44.707Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3e7eed9d-2d44-4951-b66b-7d8995ca617d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/Blocks/AddToCart.php#L118"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.0.4/includes/Blocks/AddToCart.php#L118"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/Blocks/AddToCart.php#L120"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.0.4/includes/Blocks/AddToCart.php#L120"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/Blocks/AddToCart.php#L65"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.0.4/includes/Blocks/AddToCart.php#L65"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/Blocks/AddToCart.php#L66"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/tags/6.0.4/includes/Blocks/AddToCart.php#L66"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3516287%40essential-blocks%2Ftags%2F6.1.0%2Fincludes%2FBlocks%2FAddToCart.php\u0026old=3178777%40essential-blocks%2Ftrunk%2Fincludes%2FBlocks%2FAddToCart.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-23T15:53:08.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-05-01T16:12:21.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Gutenberg Essential Blocks \u003c= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-4658",
        "datePublished": "2026-05-02T04:27:44.707Z",
        "dateReserved": "2026-03-23T15:37:56.964Z",
        "dateUpdated": "2026-05-04T16:03:39.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6393 (GCVE-0-2026-6393)

    Vulnerability from cvelistv5 – Published: 2026-04-24 03:27 – Updated: 2026-04-24 10:46
    VLAI
    Title
    BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage
    Summary
    The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relies solely on a nonce rather than verifying user permissions. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger OpenAI API calls using the site's configured API key with arbitrary user-controlled prompts, leading to unauthorized consumption of the site owner's paid AI API quota.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Phú
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-24T10:46:06.950400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-24T10:46:24.083Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BetterDocs \u2013  Knowledge Base Docs \u0026 FAQ Solution for Elementor \u0026 Block Editor",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ph\u00fa"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() function, which relies solely on a nonce rather than verifying user permissions. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger OpenAI API calls using the site\u0027s configured API key with arbitrary user-controlled prompts, leading to unauthorized consumption of the site owner\u0027s paid AI API quota."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-24T03:27:05.541Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/432b11be-174d-45d6-aa3b-2fbfa85ec17a?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/trunk/includes/Core/WriteWithAI.php#L138"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.6/includes/Core/WriteWithAI.php#L138"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/trunk/includes/Core/WriteWithAI.php#L31"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/betterdocs/tags/4.3.6/includes/Core/WriteWithAI.php#L31"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3512640%40betterdocs\u0026new=3512640%40betterdocs\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-15T20:23:25.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-04-23T14:45:35.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "BetterDocs \u003c= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-6393",
        "datePublished": "2026-04-24T03:27:05.541Z",
        "dateReserved": "2026-04-15T20:07:58.184Z",
        "dateUpdated": "2026-04-24T10:46:24.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3875 (GCVE-0-2026-3875)

    Vulnerability from cvelistv5 – Published: 2026-04-16 06:44 – Updated: 2026-04-16 13:41
    VLAI
    Title
    BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
    Summary
    The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Muhammad Yudha - DJ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3875",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T13:41:16.621075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T13:41:59.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BetterDocs \u2013  Knowledge Base Docs \u0026 FAQ Solution for Elementor \u0026 Block Editor",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhammad Yudha - DJ"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027betterdocs_feedback_form\u0027 shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T06:44:51.744Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b7e4c3c-a12e-4b11-9673-79a7060052a8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?old_path=betterdocs/tags/4.3.8/views/shortcodes/feedback-form.php\u0026new_path=betterdocs/tags/4.3.9/views/shortcodes/feedback-form.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-26T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-03-10T10:53:09.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-04-15T18:25:01.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "BetterDocs \u003c= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-3875",
        "datePublished": "2026-04-16T06:44:51.744Z",
        "dateReserved": "2026-03-10T10:33:26.535Z",
        "dateUpdated": "2026-04-16T13:41:59.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1512 (GCVE-0-2026-1512)

    Vulnerability from cvelistv5 – Published: 2026-02-14 09:49 – Updated: 2026-04-08 17:26
    VLAI
    Title
    Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget
    Summary
    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    knani alaaeddine
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T15:36:22.204741Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T15:44:02.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "knani alaaeddine"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:26:18.987Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d652f383-ca3d-440e-a30f-64a50efd65e1?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3456806/essential-addons-for-elementor-lite/tags/6.5.10/includes/Elements/Info_Box.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-27T23:14:09.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-02-13T21:37:33.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Essential Addons for Elementor \u003c= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-1512",
        "datePublished": "2026-02-14T09:49:39.256Z",
        "dateReserved": "2026-01-27T22:58:33.198Z",
        "dateUpdated": "2026-04-08T17:26:18.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0554 (GCVE-0-2026-0554)

    Vulnerability from cvelistv5 – Published: 2026-01-20 14:26 – Updated: 2026-04-08 17:29
    VLAI
    Title
    NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset
    Summary
    The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset analytics for any NotificationX campaign, regardless of ownership.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Credits
    Dmitrii Ignatyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0554",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-20T14:46:11.424620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-20T14:47:07.305Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NotificationX \u2013 FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner \u0026 Floating Notification Bar",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "3.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027regenerate\u0027 and \u0027reset\u0027 REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset analytics for any NotificationX campaign, regardless of ownership."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:29:28.505Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3cd843b-ab38-45c4-a661-78d4e6db5201?source=cve"
            },
            {
              "url": "https://research.cleantalk.org/cve-2026-0554"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3433555%40notificationx\u0026old=3426659%40notificationx\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-24T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-01-01T20:48:34.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-20T01:50:24.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "NotificationX \u003c= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-0554",
        "datePublished": "2026-01-20T14:26:34.215Z",
        "dateReserved": "2026-01-01T20:31:15.582Z",
        "dateUpdated": "2026-04-08T17:29:28.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15380 (GCVE-0-2025-15380)

    Vulnerability from cvelistv5 – Published: 2026-01-20 14:26 – Updated: 2026-04-08 17:11
    VLAI
    Title
    NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview'
    Summary
    The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. This is due to insufficient input sanitization and output escaping when processing preview data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute when a user visits a malicious page that auto-submits a form to the vulnerable site.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Credits
    Dmitrii Ignatyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15380",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-20T14:48:09.377792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-20T14:48:22.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NotificationX \u2013 FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner \u0026 Floating Notification Bar",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The NotificationX \u2013 FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner \u0026 Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the \u0027nx-preview\u0027 POST parameter in all versions up to, and including, 3.2.0. This is due to insufficient input sanitization and output escaping when processing preview data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute when a user visits a malicious page that auto-submits a form to the vulnerable site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:11:27.627Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ca12315-380b-4251-b637-4e9d29df35e0?source=cve"
            },
            {
              "url": "https://research.cleantalk.org/cve-2025-15380/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3433555%40notificationx\u0026old=3426659%40notificationx\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-23T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-12-30T22:14:52.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-20T01:49:23.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "NotificationX \u003c= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via \u0027nx-preview\u0027"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-15380",
        "datePublished": "2026-01-20T14:26:33.859Z",
        "dateReserved": "2025-12-30T21:36:36.412Z",
        "dateUpdated": "2026-04-08T17:11:27.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1004 (GCVE-0-2026-1004)

    Vulnerability from cvelistv5 – Published: 2026-01-16 08:23 – Updated: 2026-04-08 16:33
    VLAI
    Title
    Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure
    Summary
    The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael_product_quickview_popup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for products with draft, pending, or private status, which should normally be restricted.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    shrikant bhosale
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-16T13:44:25.467607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-16T13:44:34.348Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Essential Addons for Elementor \u2013 Popular Elementor Templates \u0026 Widgets",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "6.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "shrikant bhosale"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the \u0027eael_product_quickview_popup\u0027 function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for products with draft, pending, or private status, which should normally be restricted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:33:51.372Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06ef9a21-e2b9-40c7-9de5-cff175fa10a5?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L820"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L64"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L65"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L832"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L1439"
            },
            {
              "url": "https://github.com/WPDevelopers/essential-addons-for-elementor-lite/commit/4e43db06bcf12870cc3b185ed59b3fe2cd227945"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-05T20:59:27.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-15T20:04:09.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Essential Addons for Elementor \u003c= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-1004",
        "datePublished": "2026-01-16T08:23:37.542Z",
        "dateReserved": "2026-01-15T20:03:46.612Z",
        "dateUpdated": "2026-04-08T16:33:51.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0831 (GCVE-0-2026-0831)

    Vulnerability from cvelistv5 – Published: 2026-01-10 09:22 – Updated: 2026-04-08 17:01
    VLAI
    Title
    Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write
    Summary
    The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Credits
    M Indra Purnama
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T13:07:30.520778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T13:09:57.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Templately \u2013 Elementor \u0026 Gutenberg Template Library: 6500+ Free \u0026 Pro Ready Templates And Cloud!",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "M Indra Purnama"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:43.379Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/778242f4-5dfa-4d72-a032-8b5521c5b8ce?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/Core/Importer/Utils/AIUtils.php#L414"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/API/AIContent.php#L38"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3426051/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-19T23:25:34.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-09T20:32:57.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Templately \u003c= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-0831",
        "datePublished": "2026-01-10T09:22:18.126Z",
        "dateReserved": "2026-01-09T20:31:20.483Z",
        "dateUpdated": "2026-04-08T17:01:43.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14980 (GCVE-0-2025-14980)

    Vulnerability from cvelistv5 – Published: 2026-01-09 06:34 – Updated: 2026-04-08 16:36
    VLAI
    Title
    BetterDocs <= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure
    Summary
    The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data including the OpenAI API key stored in plugin settings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Dmitrii Ignatyev
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-09T18:24:31.739287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-09T18:24:39.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BetterDocs \u2013  Knowledge Base Docs \u0026 FAQ Solution for Elementor \u0026 Block Editor",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data including the OpenAI API key stored in plugin settings."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:36:59.020Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1595f231-d300-484a-a0e1-1e2bc7b82ed3?source=cve"
            },
            {
              "url": "https://research.cleantalk.org/cve-2025-14980/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3430424%40betterdocs%2Ftags%2F4.3.4\u0026old=3422660%40betterdocs%2Ftrunk"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-18T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-12-19T16:46:46.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-08T17:52:33.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "BetterDocs \u003c= 4.3.3 - Authenticated (Contributor+) Sensitive Information Exposure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-14980",
        "datePublished": "2026-01-09T06:34:52.906Z",
        "dateReserved": "2025-12-19T16:27:14.224Z",
        "dateUpdated": "2026-04-08T16:36:59.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }