VYPR

The Plus Addons For Elementor

by WordPress

Source repositories

CVEs (30)

  • CVE-2024-4983MedJun 27, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input…

  • CVE-2024-4485MedMay 24, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient…

  • CVE-2024-4484MedMay 24, 2024
    risk 0.35cvss 6.4epss 0.01

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input…

  • CVE-2024-3718MedMay 24, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-2210MedMar 27, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include…

  • CVE-2024-2203MedMar 27, 2024
    risk 0.35cvss 6.4epss 0.01

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute…

  • CVE-2024-1419MedMar 7, 2024
    risk 0.35cvss 6.4epss 0.00

    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-8913MedOct 11, 2024
    risk 0.28cvss 4.3epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php.…

  • CVE-2026-2385MedFeb 22, 2026
    risk 0.27cvss 5.3epss 0.00

    The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and…

  • CVE-2024-10365MedNov 20, 2024
    risk 0.21cvss 4.3epss 0.00

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in…

Page 2 of 2