The Plus Addons For Elementor
by Posimyth
Source repositories
CVEs (36)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5344 | Med | 0.40 | 6.1 | 0.00 | Jun 21, 2024 | The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization… | ||
| CVE-2024-43977 | Med | 0.38 | 5.9 | 0.00 | Sep 17, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Stored XSS.This issue affects The Plus Addons for Elementor Page… | ||
| CVE-2026-3311 | Med | 0.35 | 6.4 | 0.00 | Apr 8, 2026 | The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient… | ||
| CVE-2024-4983 | Med | 0.35 | 6.4 | 0.00 | Jun 27, 2024 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input… | ||
| CVE-2024-4485 | Med | 0.35 | 6.4 | 0.00 | May 24, 2024 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient… | ||
| CVE-2024-4484 | Med | 0.35 | 6.4 | 0.01 | May 24, 2024 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input… | ||
| CVE-2024-3718 | Med | 0.35 | 6.4 | 0.00 | May 24, 2024 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2024-2210 | Med | 0.35 | 6.4 | 0.00 | Mar 27, 2024 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include… | ||
| CVE-2024-2203 | Med | 0.35 | 6.4 | 0.01 | Mar 27, 2024 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute… | ||
| CVE-2024-1419 | Med | 0.35 | 6.4 | 0.00 | Mar 7, 2024 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2026-2385 | Med | 0.27 | 5.3 | 0.00 | Feb 22, 2026 | The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and… | ||
| CVE-2024-11829 | 0.00 | — | 0.00 | Feb 1, 2025 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including, 6.1.8 due to… | |||
| CVE-2024-10365 | 0.00 | — | 0.00 | Nov 20, 2024 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in… | |||
| CVE-2024-8913 | 0.00 | — | 0.00 | Oct 11, 2024 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php.… | |||
| CVE-2024-5583 | 0.00 | — | 0.00 | Aug 22, 2024 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due… | |||
| CVE-2024-6575 | 0.00 | — | 0.00 | Aug 20, 2024 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and… |
- risk 0.40cvss 6.1epss 0.00
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization…
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Stored XSS.This issue affects The Plus Addons for Elementor Page…
- risk 0.35cvss 6.4epss 0.00
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Progress Bar shortcode in all versions up to, and including, 6.4.9 due to insufficient…
- risk 0.35cvss 6.4epss 0.00
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input…
- risk 0.35cvss 6.4epss 0.00
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient…
- risk 0.35cvss 6.4epss 0.01
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input…
- risk 0.35cvss 6.4epss 0.00
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.35cvss 6.4epss 0.00
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include…
- risk 0.35cvss 6.4epss 0.01
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute…
- risk 0.35cvss 6.4epss 0.00
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.27cvss 5.3epss 0.00
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and…
- CVE-2024-11829Feb 1, 2025risk 0.00cvss —epss 0.00
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including, 6.1.8 due to…
- CVE-2024-10365Nov 20, 2024risk 0.00cvss —epss 0.00
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in…
- CVE-2024-8913Oct 11, 2024risk 0.00cvss —epss 0.00
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php.…
- CVE-2024-5583Aug 22, 2024risk 0.00cvss —epss 0.00
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due…
- CVE-2024-6575Aug 20, 2024risk 0.00cvss —epss 0.00
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and…
Page 2 of 2