VYPR

Ultimate Addons For Elementor

by WordPress

Source repositories

CVEs (8)

  • CVE-2023-50890HigMay 17, 2024
    risk 0.57cvss 8.8epss 0.01

    Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.

  • CVE-2024-43267MedAug 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS.This issue affects Mega Addons For Elementor: from n/a through 1.9.

  • CVE-2024-32515MedApr 17, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8.

  • CVE-2025-14434MedDec 31, 2025
    risk 0.34cvss 5.3epss 0.00

    The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upk_alex_grid_loadmore_posts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to…

  • CVE-2025-9703MedOct 6, 2025
    risk 0.28cvss 4.3epss 0.00

    The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.

  • CVE-2020-13125May 17, 2020
    risk 0.01cvss epss 0.02

    An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.

  • CVE-2024-37455Jul 9, 2024
    risk 0.00cvss epss 0.00

    Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.

  • CVE-2021-24271May 5, 2021
    risk 0.00cvss epss 0.01

    The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.