CVE-2026-2385 | The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress AJAX email_data Remote Code Execution

Inserito da Angelo Barbosa | Feb 21, 2026 | CVE

A vulnerability categorized as critical has been discovered in The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress. The affected element is an unknown function of the component AJAX Handler. Executing a manipulation of the argument email_data can lead to Remote Code Execution.

This vulnerability is registered as CVE-2026-2385. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-2385 | The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress AJAX email_data Remote Code Execution

Post correlati

CVE-2024-45508 | HTMLDOC up to 1.9.18 ps-pdf.cxx parse_paragraph out-of-bounds write (Issue 528)

CVE-2024-8612 | QEMU virtio-scsi/virtio-blk/virtio-crypto virtqueue_push buffer overflow

CVE-2025-49850 | LS Electric GMWin 4 4.18 PRJ File Parser heap-based overflow (icsa-25-168-02)

CVE-2020-36837 | ThemeGrill Demo Importer Plugin up to 1.6.1 on WordPress reset_wizard_actions authorization