VYPR

The Plus Addons For Elementor

by Posimyth

Source repositories

CVEs (36)

  • CVE-2024-5344MedJun 21, 2024
    risk 0.40cvss 6.1epss 0.00

    The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization…

  • CVE-2024-43977MedSep 17, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Stored XSS.This issue affects The Plus Addons for Elementor Page…

  • CVE-2026-3311MedApr 8, 2026
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient…

  • CVE-2024-4983MedJun 27, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input…

  • CVE-2024-4485MedMay 24, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient…

  • CVE-2024-4484MedMay 24, 2024
    risk 0.35cvss 6.4epss 0.01

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input…

  • CVE-2024-3718MedMay 24, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-2210MedMar 27, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include…

  • CVE-2024-2203MedMar 27, 2024
    risk 0.35cvss 6.4epss 0.01

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute…

  • CVE-2024-1419MedMar 7, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2026-2385MedFeb 22, 2026
    risk 0.27cvss 5.3epss 0.00

    The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and…

  • CVE-2024-11829Feb 1, 2025
    risk 0.00cvss epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including, 6.1.8 due to…

  • CVE-2024-10365Nov 20, 2024
    risk 0.00cvss epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in…

  • CVE-2024-8913Oct 11, 2024
    risk 0.00cvss epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php.…

  • CVE-2024-5583Aug 22, 2024
    risk 0.00cvss epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due…

  • CVE-2024-6575Aug 20, 2024
    risk 0.00cvss epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and…

Page 2 of 2