VYPR

Elementor Addons

by Livemeshthemes

CVEs (10)

  • CVE-2026-1620HigApr 16, 2026
    risk 0.57cvss 8.8epss 0.01

    The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the `lae_get_template_part()` function, which uses an inadequate…

  • CVE-2024-2385HigJul 4, 2024
    risk 0.57cvss 8.8epss 0.01

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.4 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level…

  • CVE-2026-39636MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0.

  • CVE-2024-47303MedSep 25, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Cross-Site Scripting (XSS).This issue affects Livemesh Addons for Elementor: from n/a through <= 8.5.

  • CVE-2024-3639MedJul 4, 2024
    risk 0.42cvss 6.4epss 0.00

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes like…

  • CVE-2024-2926MedJul 4, 2024
    risk 0.42cvss 6.4epss 0.00

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2024-0448MedFeb 5, 2024
    risk 0.42cvss 6.4epss 0.01

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-8858MedSep 25, 2024
    risk 0.35cvss 6.4epss 0.00

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-9868Nov 2, 2024
    risk 0.00cvss epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient…

  • CVE-2024-37547Jul 6, 2024
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.4.0.