Elementor Addon Elements

CVEs (16)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-1358	Webtechstreet Elementor Addon Elements	Hig	0.50	8.8	0.03	Mar 13, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of…
CVE-2024-2792	Webtechstreet Elementor Addon Elements	Med	0.42	6.4	0.00	Apr 9, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
CVE-2024-30422	Webtechstreet Elementor Addon Elements	Med	0.42	6.5	0.00	Mar 28, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.This issue affects Elementor Addon Elements: from n/a through <= 1.13.1.
CVE-2024-1422	Webtechstreet Elementor Addon Elements	Med	0.42	6.4	0.00	Mar 13, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This…
CVE-2024-1393	Webtechstreet Elementor Addon Elements	Med	0.42	6.4	0.00	Mar 13, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it…
CVE-2024-1392	Webtechstreet Elementor Addon Elements	Med	0.42	6.4	0.00	Mar 13, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it…
CVE-2024-1391	Webtechstreet Elementor Addon Elements	Med	0.42	6.4	0.00	Mar 13, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output…
CVE-2024-4569	Webtechstreet Elementor Addon Elements	Med	0.35	6.4	0.00	Jun 27, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
CVE-2024-2092	Webtechstreet Elementor Addon Elements	Med	0.35	5.4	0.00	Jun 12, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
CVE-2024-2091	Webtechstreet Elementor Addon Elements	Med	0.35	5.4	0.00	Mar 28, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
CVE-2023-4690	Webtechstreet Elementor Addon Elements	Med	0.35	5.4	0.00	Nov 15, 2023	The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to…
CVE-2023-4689	Webtechstreet Elementor Addon Elements	Med	0.35	5.4	0.00	Nov 15, 2023	The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to…
CVE-2023-5381	Webtechstreet Elementor Addon Elements	Med	0.29	4.4	0.00	Nov 15, 2023	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
CVE-2024-13215	Webtechstreet Elementor Addon Elements		0.00	—	0.00	Jan 15, 2025	The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with…
CVE-2024-8902	Webtechstreet Elementor Addon Elements		0.00	—	0.00	Oct 12, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with…
CVE-2024-4401	Webtechstreet Elementor Addon Elements		0.00	—	0.00	Aug 30, 2024	The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible…

CVE-2024-1358HigMar 13, 2024
Webtechstreet
Elementor Addon Elements
risk 0.50cvss 8.8epss 0.03
The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of…
CVE-2024-2792MedApr 9, 2024
Webtechstreet
Elementor Addon Elements
risk 0.42cvss 6.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
CVE-2024-30422MedMar 28, 2024
Webtechstreet
Elementor Addon Elements
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.This issue affects Elementor Addon Elements: from n/a through <= 1.13.1.
CVE-2024-1422MedMar 13, 2024
Webtechstreet
Elementor Addon Elements
risk 0.42cvss 6.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This…
CVE-2024-1393MedMar 13, 2024
Webtechstreet
Elementor Addon Elements
risk 0.42cvss 6.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it…
CVE-2024-1392MedMar 13, 2024
Webtechstreet
Elementor Addon Elements
risk 0.42cvss 6.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it…
CVE-2024-1391MedMar 13, 2024
Webtechstreet
Elementor Addon Elements
risk 0.42cvss 6.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output…
CVE-2024-4569MedJun 27, 2024
Webtechstreet
Elementor Addon Elements
risk 0.35cvss 6.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
CVE-2024-2092MedJun 12, 2024
Webtechstreet
Elementor Addon Elements
risk 0.35cvss 5.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
CVE-2024-2091MedMar 28, 2024
Webtechstreet
Elementor Addon Elements
risk 0.35cvss 5.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
CVE-2023-4690MedNov 15, 2023
Webtechstreet
Elementor Addon Elements
risk 0.35cvss 5.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to…
CVE-2023-4689MedNov 15, 2023
Webtechstreet
Elementor Addon Elements
risk 0.35cvss 5.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to…
CVE-2023-5381MedNov 15, 2023
Webtechstreet
Elementor Addon Elements
risk 0.29cvss 4.4epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
CVE-2024-13215Jan 15, 2025
Webtechstreet
Elementor Addon Elements
risk 0.00cvss —epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with…
CVE-2024-8902Oct 12, 2024
Webtechstreet
Elementor Addon Elements
risk 0.00cvss —epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with…
CVE-2024-4401Aug 30, 2024
Webtechstreet
Elementor Addon Elements
risk 0.00cvss —epss 0.00
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible…