Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

add-ons.org — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting add-ons.org. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Add-ons.org serves as a repository for browser extensions and plugins, enabling users to enhance functionality across various platforms. Historically, the platform has been associated with multiple security vulnerabilities, including 18 recorded CVEs, with common classes being remote code execution (RCE), cross-site scripting (XSS), and privilege escalation issues. These vulnerabilities often stem from insufficient input validation and improper permission handling. While no major public security incidents have been widely documented, the consistent presence of CVEs indicates ongoing security challenges. The platform's reliance on third-party contributions increases the risk of malicious or poorly coded extensions being distributed, necessitating robust vetting processes to maintain user safety.

Found 5 results / 18Clear Filters
Top products by add-ons.org: PDF for WPForms PDF Invoice Builder for WooCommerce PDF for Elementor Forms + Drag And Drop Template Builder Drag and Drop File Upload for Elementor Forms Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail Cost Calculator for Elementor PDF for Contact Form 7 PDF for Gravity Forms + Drag And Drop Template Builder Product File Upload for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2025-68534 WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability — PDF for WPFormsCWE-862 6.5 Medium2026-02-20
CVE-2025-60082 WordPress PDF for WPForms plugin <= 6.5.0 - Deserialization of untrusted data vulnerability — PDF for WPFormsCWE-502 8.8 High2025-12-18
CVE-2025-58620 WordPress PDF for WPForms Plugin <= 6.2.1 - Cross Site Scripting (XSS) Vulnerability — PDF for WPFormsCWE-79 6.5 Medium2025-09-03
CVE-2025-49289 WordPress PDF for WPForms plugin <= 5.5.0 - Broken Access Control Vulnerability — PDF for WPFormsCWE-862 5.0 Medium2025-06-06
CVE-2025-30767 WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability — PDF for WPFormsCWE-862 5.4 Medium2025-03-27

This page lists every published CVE security advisory associated with add-ons.org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.