Webilia
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Webilia product.
RSS Feeds for Webilia security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Webilia products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Webilia Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 2 vulnerabilities in Webilia with an average score of 7.7 out of ten. Last year, in 2025 Webilia had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Webilia in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.15.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.65 |
| 2025 | 2 | 6.50 |
| 2024 | 1 | 6.40 |
It may take a day or so for new Webilia vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Webilia Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-4326 | Apr 09, 2026 |
Missing Auth in Vertex Addons for Elementor <1.6.4 Allows Plugin Install as SubscriberThe Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugins') capability check does not terminate execution when it fails it only sets an error message variable while allowing the plugin installation and activation code to execute. The error response is only sent after the installation and activation have already completed. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins from the WordPress. |
|
| CVE-2026-25398 | Mar 25, 2026 |
Missing Auth in Vertex Addons for Elementor <=1.6.4 (Webilia Inc.)Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through <= 1.6.4. |
Addons For Elementor Builder
|
| CVE-2025-67560 | Dec 09, 2025 |
CVE-2025-67560: Missing Auth in Listdom <=5.0.1Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listdom: from n/a through <= 5.0.1. |
Listdom
|
| CVE-2025-26769 | Feb 17, 2025 |
Vertex Addons for Elementor v1.2.0 Stored XSS (CVE-2025-26769)Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Stored XSS.This issue affects Vertex Addons for Elementor: from n/a through <= 1.2.0. |
Addons For Elementor Builder
|
| CVE-2024-11854 | Dec 04, 2024 |
Listdom WP Plugin <=3.7.0 Stored XSS via shortcodeThe Listdom Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shortcode parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |