VYPR

Elementskit Elementor Addons

by Wpmet

Source repositories

CVEs (28)

  • CVE-2025-0321Jan 28, 2025
    risk 0.00cvss epss 0.00

    The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2024-10091Oct 26, 2024
    risk 0.00cvss epss 0.00

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-8546Sep 25, 2024
    risk 0.00cvss epss 0.00

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-43996Sep 23, 2024
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0.

  • CVE-2024-7063Aug 15, 2024
    risk 0.00cvss epss 0.00

    The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data…

  • CVE-2024-7064Aug 15, 2024
    risk 0.00cvss epss 0.00

    The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2023-39993Jun 19, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through 2.9.0.

  • CVE-2024-3650May 2, 2024
    risk 0.00cvss epss 0.00

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions 3.0.7 through 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

Page 2 of 2