Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Roxnor — Vulnerabilities & Security Advisories 74

Browse all 74 CVE security advisories affecting Roxnor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Roxnor:MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for ElementorElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorPopup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersWp Social Login and Register Social CounterMetformWp Ultimate ReviewShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce SolutionEmailKit – Email Customizer for WooCommerce & WPGetGenie – AI Content Writer with Keyword Research & SEO Tracking ToolsElementsKit Elementor addons LiteFundEnginePopupKitFundEngine – Donation and Crowdfunding PlatformEmailKitGetGenie
CVE IDTitleCVSSSeverityPaused
CVE-2026-39644 WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability — Wp Ultimate ReviewCWE-862 8.2AIHighAI2026-04-08
CVE-2026-2600 ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-79 6.4 Medium2026-04-04
CVE-2026-3474 EmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter — EmailKit – Email Customizer for WooCommerce & WPCWE-22 4.9 Medium2026-03-20
CVE-2026-2879 GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion — GetGenie – AI Content Writer with Keyword Research & SEO Tracking ToolsCWE-639 5.4 Medium2026-03-13
CVE-2026-2257 GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API — GetGenie – AI Content Writer with Keyword Research & SEO Tracking ToolsCWE-639 6.4 Medium2026-03-13
CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-306 10.0 Critical2026-02-23
CVE-2026-1925 EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification — EmailKit – Email Customizer for WooCommerce & WPCWE-862 4.3 Medium2026-02-18
CVE-2025-14895 PopupKit <= 2.2.0 - Missing Authorization to Sensitive Information Disclosure and Data Deletion — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-862 5.4 Medium2026-02-10
CVE-2025-13192 Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-89 8.2 High2026-02-04
CVE-2026-0633 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for ElementorCWE-287 3.7 Low2026-01-24
CVE-2026-24356 WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability — GetGenieCWE-862 4.9 Medium2026-01-22
CVE-2026-1003 GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion — GetGenie – AI Content Writer with Keyword Research & SEO Tracking ToolsCWE-862 4.3 Medium2026-01-16
CVE-2025-14059 EmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal — EmailKit – Email Customizer for WooCommerce & WPCWE-73 6.5 Medium2026-01-07
CVE-2025-14441 Popupkit <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-862 4.3 Medium2026-01-06
CVE-2025-69026 WordPress PopupKit plugin <= 2.1.5 - Sensitive Data Exposure vulnerability — PopupKitCWE-497 4.3 Medium2025-12-30
CVE-2025-14314 WordPress PopupKit plugin <= 2.1.5 - SQL Injection vulnerability — PopupKitCWE-89 8.5 High2025-12-18
CVE-2025-63057 WordPress Wp Ultimate Review plugin <= 2.3.7 - Cross Site Scripting (XSS) vulnerability — Wp Ultimate ReviewCWE-79 6.5 Medium2025-12-09
CVE-2025-13620 Wp Social Login and Register Social Counter <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering — Wp Social Login and Register Social CounterCWE-862 5.3 Medium2025-12-05
CVE-2025-12358 ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation — ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce SolutionCWE-352 4.3 Medium2025-12-03
CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update — ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce SolutionCWE-863 2.7 Low2025-10-25
CVE-2025-10861 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-918 7.5 High2025-10-24
CVE-2025-10862 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id' — Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce TriggersCWE-89 7.5 High2025-10-09
CVE-2025-60106 WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability — EmailKitCWE-862 4.9 Medium2025-09-26
CVE-2025-10173 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update — ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce SolutionCWE-862 2.7 Low2025-09-26
CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability — FundEngineCWE-98 7.5 High2025-08-20
CVE-2025-5684 MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for ElementorCWE-79 6.4 Medium2025-07-29
CVE-2025-3614 ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-79 6.4 Medium2025-07-24
CVE-2025-4479 ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-79 6.4 Medium2025-06-19
CVE-2025-47459 WordPress WP Fundraising Donation and Crowdfunding Platform plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability — FundEngineCWE-352 4.3 Medium2025-05-07
CVE-2024-11180 ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for ElementorCWE-79 6.4 Medium2025-03-29

This page lists every published CVE security advisory associated with Roxnor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.