Vulnerabilities in kraftplugins
9 resultsCVE-2025-13066HIGHDemo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload BypassEPSS 0.5%CVE-2024-3627MEDIUMWheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX EndpointsEPSS 0.4%CVE-2025-14478HIGHDemo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File UploadEPSS 0.4%CVE-2024-4702MEDIUMMega Elements <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button WidgetEPSS 0.3%CVE-2024-32575MEDIUMWordPress Mega Elements plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-14364HIGHDemo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege EscalationEPSS 0.3%CVE-2024-9172MEDIUMDemo Importer Plus <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File UploadEPSS 0.3%CVE-2024-37466MEDIUMWordPress Mega Elements plugin <= 1.2.2 - Contributor+ Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-8200MEDIUMMega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer WidgetEPSS 0.2%