CVE Tools

roxnor

Web & CMS Pluginscommercial

18

Cumulative CVEs

2

Monthly snapshots

#63

Peak rank

Top products

elementskit elementor addons – advanced widgets & templates addons for elementor5 metform – contact form, survey, quiz, & custom form builder for elementor1 wp social login and register social counter1

Latest CVEs

The 15 most recently published vulnerabilities affecting roxnor.

CVE-2026-4362ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite6.5May 5, 2026
CVE-2026-5957EmailKit <= 1.6.5 - Authenticated (Author+) Arbitrary File Read via 'emailkit-editor-template' REST Parameter6.5May 5, 2026
CVE-2026-39644WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability5.3Apr 8, 2026
CVE-2026-2600ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget6.4Apr 4, 2026
CVE-2026-3474EmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter4.9Mar 20, 2026
CVE-2026-2879GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion5.4Mar 13, 2026
CVE-2026-2257GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API6.4Mar 13, 2026
CVE-2026-23693ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint10.0Feb 23, 2026
CVE-2026-1925EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification4.3Feb 18, 2026
CVE-2025-14895PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion5.4Feb 10, 2026
CVE-2025-13192Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints8.2Feb 4, 2026
CVE-2026-0633MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value3.7Jan 24, 2026
CVE-2026-24356WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability4.9Jan 22, 2026
CVE-2026-1003GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion4.3Jan 16, 2026
CVE-2025-14059EmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal6.5Jan 7, 2026