Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command Injection.This
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Eleme
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Element
CVE-2025-39588
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Object Injection.This issue affects Ultimate Store Kit Elementor Addons: from
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through <= 6.5.0.
Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons f
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sens
CVE-2025-69382
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elementor allows Object Injection.This issue affects Themesflat Elementor: from n/a through <= 1.0.1.
CVE-2025-54001
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through <= 2.5.
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12.
CVE-2025-32928
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects Altair: from n/a through <= 5.2.2.
CVE-2025-59007
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Eleme
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects
CVE-2024-54367
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects ForumWP: from n/a through <= 2.1.0.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Bli
Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Object Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.1.2.
CVE-2026-27438
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7.
Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1.
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.7
Page 1+ Next →