VYPR

Addons For Elementor

by WordPress

Source repositories

CVEs (18)

  • CVE-2026-1620HigApr 16, 2026
    risk 0.57cvss 8.8epss 0.01

    The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the `lae_get_template_part()` function, which uses an inadequate…

  • CVE-2025-9082MedJan 28, 2026
    risk 0.42cvss 6.4epss 0.00

    The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping when dynamic content is enabled. This makes it…

  • CVE-2025-1457MedApr 19, 2025
    risk 0.42cvss 6.4epss 0.00

    The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and including, 5.10.28 due to…

  • CVE-2025-22321MedJan 7, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs ElementsCSS Addons for Elementor css-for-elementor allows Stored XSS.This issue affects ElementsCSS Addons for Elementor: from n/a through <= 1.0.8.9.

  • CVE-2024-52425MedNov 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladislav Urchenko Drozd – Addons for Elementor drozd-addons-for-elementor allows Stored XSS.This issue affects Drozd – Addons for Elementor: from n/a through <= 1.1.1.

  • CVE-2024-2655MedApr 10, 2024
    risk 0.42cvss 6.4epss 0.00

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible…

  • CVE-2024-0448MedFeb 5, 2024
    risk 0.42cvss 6.4epss 0.01

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2025-13535MedApr 1, 2026
    risk 0.35cvss 6.4epss 0.00

    The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple…

  • CVE-2026-1793MedFeb 15, 2026
    risk 0.35cvss 6.5epss 0.00

    The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible for authenticated…

  • CVE-2025-13196MedNov 18, 2025
    risk 0.35cvss 5.4epss 0.00

    The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on…

  • CVE-2025-8609MedNov 18, 2025
    risk 0.35cvss 6.4epss 0.00

    The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2025-31796MedApr 1, 2025
    risk 0.35cvss 5.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in TheInnovs ElementsCSS Addons for Elementor css-for-elementor allows Server Side Request Forgery.This issue affects ElementsCSS Addons for Elementor: from n/a through <= 1.0.8.9.

  • CVE-2024-2539MedApr 10, 2024
    risk 0.35cvss 6.4epss 0.00

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget '_id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-1465MedApr 9, 2024
    risk 0.35cvss 6.4epss 0.00

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-1461MedApr 9, 2024
    risk 0.35cvss 6.4epss 0.00

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-1458MedApr 9, 2024
    risk 0.35cvss 6.4epss 0.00

    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This…

  • CVE-2025-30926MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons.This issue affects King Addons for Elementor: from n/a through <= 24.12.58.

  • CVE-2026-2295MedFeb 11, 2026
    risk 0.27cvss 5.3epss 0.00

    The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and including, 1.3.2. This makes it possible for…