CVE-2026-15284: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in kingaddons King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder
King Addons for Elementor plugin for WordPress versions up to and including 51.1.62 is vulnerable to a stored cross-site scripting (XSS) flaw via the 'form_page_id' parameter. The vulnerability…
Read the full articleYou might also wanna read

CVE-2025-14773: Cross-Site Scripting Vulnerability in ABB T-MAC Plus (Version 4.0-24)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-M

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2025-07-14
This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambig

Understanding and mitigating the Jinja2 XSS vulnerability (CVE-2024-22195)
On January 11th, 2024, a significant security vulnerability was disclosed in Jinja2, a widely used Python templating library. Identified as

WAF - WAF Release - 2026-05-04
This week's release focuses on new detections to expand coverage across command injection, SQL injection, PHP object injection, remote code

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

Comments
Sign in to join the conversation.
No comments yet. Be the first.