VYPR

The Plus Addons For Elementor

by WordPress

Source repositories

CVEs (30)

  • CVE-2021-24949CriJan 10, 2022
    risk 0.64cvss 9.8epss 0.02

    The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection

  • CVE-2021-4331HigMar 7, 2023
    risk 0.57cvss 8.8epss 0.01

    The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can…

  • CVE-2023-47178HigMay 17, 2024
    risk 0.56cvss 8.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through 5.2.8.

  • CVE-2025-9698MedOct 13, 2025
    risk 0.44cvss 6.8epss 0.00

    The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.

  • CVE-2026-9243MedMay 29, 2026
    risk 0.42cvss 6.4epss 0.00

    The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_direction' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render() function,…

  • CVE-2025-7646MedAug 1, 2025
    risk 0.42cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have…

  • CVE-2025-1287MedMar 8, 2025
    risk 0.42cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highlighter, and Page Scroll widgets in all versions up to, and including, 6.2.2…

  • CVE-2024-5583MedAug 22, 2024
    risk 0.42cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due…

  • CVE-2024-5763MedAug 20, 2024
    risk 0.42cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due…

  • CVE-2024-4482MedJul 3, 2024
    risk 0.42cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to insufficient input sanitization…

  • CVE-2024-5341MedMay 30, 2024
    risk 0.42cvss 6.4epss 0.00

    The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user…

  • CVE-2024-2784MedMay 24, 2024
    risk 0.42cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-2785MedMay 14, 2024
    risk 0.42cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2024-0445MedMay 14, 2024
    risk 0.42cvss 6.4epss 0.01

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-3199MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.01

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-3197MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2021-4332MedMar 7, 2023
    risk 0.42cvss 6.5epss 0.01

    The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box.…

  • CVE-2025-46259MedJul 1, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.

  • CVE-2024-11829MedFeb 1, 2025
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including, 6.1.8 due to…

  • CVE-2024-6575MedAug 20, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘res_width_value’ parameter within the plugin's tp_page_scroll widget in all versions up to, and…

Page 1 of 2