CVE-2026-15285: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in posimyththemes The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
The Plus Addons for Elementor WordPress plugin contained a stored cross-site scripting (XSS) vulnerability in the Button widget's custom_attributes setting. This vulnerability affected versions up to…
Read the full articleYou might also wanna read

CVE-2025-14773: Cross-Site Scripting Vulnerability in ABB T-MAC Plus (Version 4.0-24)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-M

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2025-07-14
This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambig

WAF - WAF Release - 2025-09-08
This week's update This week’s focus highlights newly disclosed vulnerabilities in web frameworks, enterprise applications, and widely deplo

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor
CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
## Vulnerability Summary **Product**: Notepad++ v8.9.6.1 (latest patched version) **Type**: CWE-42 (Path Traversal) / CWE-59 (Improper Link

Comments
Sign in to join the conversation.
No comments yet. Be the first.