VYPR

ElementsKit Elementor Addons and Templates

by WordPress

CVEs (4)

  • CVE-2025-3614MedJul 24, 2025
    risk 0.42cvss 6.4epss 0.00

    The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2025-4479MedJun 19, 2025
    risk 0.42cvss 6.4epss 0.00

    The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on…

  • CVE-2025-1005MedFeb 15, 2025
    risk 0.42cvss 6.4epss 0.00

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2025-0968MedFeb 19, 2025
    risk 0.27cvss 5.3epss 0.00

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to…