X Addons Elementor
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22518 | Med | 0.42 | 6.5 | 0.00 | Jan 8, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through <= 1.0.23. | ||
| CVE-2025-9204 | Med | 0.35 | 6.4 | 0.00 | Oct 3, 2025 | The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.16. This is due to insufficient input sanitization and output escaping on the Youtube Video ID parameter. This… | ||
| CVE-2024-10493 | Med | 0.35 | 5.4 | 0.00 | Nov 28, 2024 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could… | ||
| CVE-2026-24605 | Med | 0.28 | 4.3 | 0.00 | Jan 23, 2026 | Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23. |
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.
- risk 0.35cvss 6.4epss 0.00
The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.16. This is due to insufficient input sanitization and output escaping on the Youtube Video ID parameter. This…
- risk 0.35cvss 5.4epss 0.00
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.