"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 103
Critical: 2
High: 10
Medium: 90

Showing 21-40 of 103 records

Threat Entry Updated 2026-04-24

CVE-2026-25007 - Elementor Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection. This issue affects ElementInvader Addons for Elementor: from n/a through

PLUGIN Elementor

CVE-2026-25007

HIGH CVSS 8.5 2026-03-25

Threat Entry Updated 2026-04-22

CVE-2026-32462 - Elementor Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS. This issue affects Master Addons for Elementor: from n/a through

PLUGIN Elementor

CVE-2026-32462

MEDIUM CVSS 5.9 2026-03-13

Threat Entry Updated 2026-04-22

CVE-2026-32445 - Elementor Plugin

Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through

PLUGIN Elementor

CVE-2026-32445

LOW CVSS 2.7 2026-03-13

Threat Entry Updated 2026-04-22

CVE-2026-32430 - Elementor Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS. This issue affects PowerPack Addons for Elementor: from n/a through

PLUGIN Elementor

CVE-2026-32430

MEDIUM CVSS 6.5 2026-03-13

Threat Entry Updated 2026-04-22

CVE-2026-32429 - Elementor Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through

PLUGIN Elementor

CVE-2026-32429

MEDIUM CVSS 6.5 2026-03-13

Threat Entry Updated 2026-04-29

CVE-2026-32395 - Elementor Plugin

Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through

PLUGIN Elementor

CVE-2026-32395

MEDIUM CVSS 5.3 2026-03-13

Threat Entry Updated 2026-04-22

CVE-2026-32372 - Elementor Plugin

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through

PLUGIN Elementor

CVE-2026-32372

MEDIUM CVSS 5.3 2026-03-13

Threat Entry Updated 2026-04-22

CVE-2026-32352 - Elementor Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS. This issue affects Elementor Website Builder: from n/a through

PLUGIN Elementor

CVE-2026-32352

MEDIUM CVSS 6.5 2026-03-13

Threat Entry Updated 2026-04-22

CVE-2026-27983 - Elementor Plugin

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation. This issue affects LMS Elementor Pro: from n/a through

PLUGIN Elementor

CVE-2026-27983

CRITICAL CVSS 9.8 2026-03-05

Threat Entry Updated 2026-04-22

CVE-2026-27376 - Elementor Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS. This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through

PLUGIN Elementor

CVE-2026-27376

HIGH CVSS 7.1 2026-03-05

Threat Entry Updated 2026-04-15

CVE-2026-25416 - Elementor Plugin

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through

PLUGIN Elementor

CVE-2026-25416

MEDIUM CVSS 4.3 2026-02-19

Threat Entry Updated 2026-04-15

CVE-2026-25386 - Elementor Plugin

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ally: from n/a through

PLUGIN Elementor

CVE-2026-25386

MEDIUM CVSS 5.3 2026-02-19

Threat Entry Updated 2026-04-15

CVE-2026-24947 - Elementor Plugin

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LA-Studio Element Kit for Elementor: from n/a through < 1.5.6.3.

PLUGIN Elementor

CVE-2026-24947

MEDIUM CVSS 4.3 2026-02-03

Threat Entry Updated 2026-04-28

CVE-2026-24390 - Elementor Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion. This issue affects Kentha Elementor Widgets: from n/a through < 3.1.

PLUGIN Elementor

CVE-2026-24390

HIGH CVSS 7.5 2026-01-22

Threat Entry Updated 2026-01-13

CVE-2025-13393 - Elementor Plugin

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize() function in the Elementor widget integration. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services via the fifu_input_url parameter in the FIFU Elementor widget granted…

PLUGIN Elementor

CVE-2025-13393

MEDIUM CVSS 4.3 2026-01-10

Threat Entry Updated 2025-12-16

CVE-2025-11220 - Elementor Plugin

The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the widget. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Elementor

CVE-2025-11220

MEDIUM CVSS 6.4 2025-12-16

Threat Entry Updated 2025-11-26

CVE-2025-12493 - Elementor Plugin

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded…

PLUGIN Elementor

CVE-2025-12493

CRITICAL CVSS 9.8 2025-11-04

Threat Entry Updated 2025-08-15

CVE-2025-8081 - Elementor Plugin

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

PLUGIN Elementor

CVE-2025-8081

MEDIUM CVSS 4.9 2025-08-12

Threat Entry Updated 2025-07-29

CVE-2025-4566 - Elementor Plugin

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This attack affects only Chrome/Edge browsers

PLUGIN Elementor

CVE-2025-4566

MEDIUM CVSS 6.4 2025-07-29

Threat Entry Updated 2025-11-26

CVE-2025-3775 - Elementor Plugin

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, and can be used to query and modify information from internal services.

PLUGIN Elementor

CVE-2025-3775

MEDIUM CVSS 6.5 2025-04-25