add-ons.org — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting add-ons.org. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Add-ons.org serves as a repository for browser extensions and plugins, enabling users to enhance functionality across various platforms. Historically, the platform has been associated with multiple security vulnerabilities, including 18 recorded CVEs, with common classes being remote code execution (RCE), cross-site scripting (XSS), and privilege escalation issues. These vulnerabilities often stem from insufficient input validation and improper permission handling. While no major public security incidents have been widely documented, the consistent presence of CVEs indicates ongoing security challenges. The platform's reliance on third-party contributions increases the risk of malicious or poorly coded extensions being distributed, necessitating robust vetting processes to maintain user safety.

Top products by add-ons.org: PDF for WPForms PDF Invoice Builder for WooCommerce PDF for Elementor Forms + Drag And Drop Template Builder Drag and Drop File Upload for Elementor Forms Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail Cost Calculator for Elementor PDF for Contact Form 7 PDF for Gravity Forms + Drag And Drop Template Builder Product File Upload for WooCommerce

CVEs 18

CVE ID	Title	CVSS	Severity	Published
CVE-2026-25328	WordPress Product File Upload for WooCommerce plugin <= 2.2.4 - Arbitrary File Deletion vulnerability — Product File Upload for WooCommerceCWE-22	6.8	Medium	2026-03-25
CVE-2026-22350	WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability — PDF for Elementor Forms + Drag And Drop Template BuilderCWE-862	6.5	Medium	2026-02-20
CVE-2025-68534	WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability — PDF for WPFormsCWE-862	6.5	Medium	2026-02-20
CVE-2025-60084	WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability — PDF for Elementor Forms + Drag And Drop Template BuilderCWE-502	8.8	High	2025-12-18
CVE-2025-60083	WordPress PDF Invoice Builder for WooCommerce plugin <= 6.5.0 - Deserialization of untrusted data vulnerability — PDF Invoice Builder for WooCommerceCWE-502	8.8	High	2025-12-18
CVE-2025-60080	WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability — PDF for Gravity Forms + Drag And Drop Template BuilderCWE-502	7.5	High	2025-12-18
CVE-2025-60081	WordPress PDF for Contact Form 7 plugin <= 6.5.0 - Deserialization of untrusted data vulnerability — PDF for Contact Form 7CWE-502	8.8	High	2025-12-18
CVE-2025-60082	WordPress PDF for WPForms plugin <= 6.5.0 - Deserialization of untrusted data vulnerability — PDF for WPFormsCWE-502	8.8	High	2025-12-18
CVE-2025-58620	WordPress PDF for WPForms Plugin <= 6.2.1 - Cross Site Scripting (XSS) Vulnerability — PDF for WPFormsCWE-79	6.5	Medium	2025-09-03
CVE-2025-49387	WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability — Drag and Drop File Upload for Elementor FormsCWE-434	10.0	Critical	2025-08-28
CVE-2025-58208	WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scripting (XSS) Vulnerability — PDF for Elementor Forms + Drag And Drop Template BuilderCWE-79	6.5	Medium	2025-08-27
CVE-2025-49289	WordPress PDF for WPForms plugin <= 5.5.0 - Broken Access Control Vulnerability — PDF for WPFormsCWE-862	5.0	Medium	2025-06-06
CVE-2025-47492	WordPress Drag and Drop File Upload for Elementor Forms plugin <= 1.4.3 - Arbitrary File Deletion Vulnerability — Drag and Drop File Upload for Elementor FormsCWE-22	8.6	High	2025-05-23
CVE-2025-47537	WordPress PDF Invoice Builder for WooCommerce plugin <= 5.3.8 - SQL Injection Vulnerability — PDF Invoice Builder for WooCommerceCWE-89	7.6	High	2025-05-07
CVE-2025-47476	WordPress Cost Calculator for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability — Cost Calculator for ElementorCWE-79	6.5	Medium	2025-05-07
CVE-2025-30767	WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability — PDF for WPFormsCWE-862	5.4	Medium	2025-03-27
CVE-2025-24755	WordPress PDF Invoice Builder for WooCommerce plugin <= 4.6.0 - Cross Site Scripting (XSS) vulnerability — PDF Invoice Builder for WooCommerceCWE-79	6.5	Medium	2025-01-24
CVE-2025-22802	WordPress Email Templates Customizer YeeMail plugin <= 2.1.4 - Cross Site Scripting (XSS) vulnerability — Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMailCWE-79	6.5	Medium	2025-01-09

This page lists every published CVE security advisory associated with add-ons.org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

add-ons.org — Vulnerabilities & Security Advisories 18