VYPR

X Addons Elementor

by WordPress

Source repositories

CVEs (4)

  • CVE-2026-22518MedJan 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.

  • CVE-2025-9204MedOct 3, 2025
    risk 0.35cvss 6.4epss 0.00

    The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.16. This is due to insufficient input sanitization and output escaping on the Youtube Video ID parameter. This…

  • CVE-2024-10493MedNov 28, 2024
    risk 0.35cvss 5.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could…

  • CVE-2026-24605MedJan 23, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.