Vendor CVEs
Exclusiveaddons
All CVEs
23 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31815 | Med | 0.42 | 6.5 | 0.00 | Apr 1, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devscred Design Blocks exclusive-blocks allows Stored XSS.This issue affects Design Blocks: from n/a through <= 1.2.5. | ||
| CVE-2024-49292 | Med | 0.42 | 6.5 | 0.00 | Oct 17, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor exclusive-addons-for-elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through <= 2.7.1. | ||
| CVE-2024-2751 | Med | 0.42 | 6.4 | 0.00 | May 2, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘exad_infobox_animating_mask_style’ parameter in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2024-2503 | Med | 0.42 | 6.4 | 0.00 | May 2, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid Widget in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping on user supplied tags. This makes it possible… | ||
| CVE-2024-32557 | Med | 0.42 | 6.5 | 0.00 | Apr 16, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2. | ||
| CVE-2024-30177 | Med | 0.42 | 6.5 | 0.00 | Mar 27, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8. | ||
| CVE-2024-30232 | Med | 0.42 | 6.5 | 0.00 | Mar 26, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9. | ||
| CVE-2024-1234 | Med | 0.38 | 6.4 | 0.02 | Mar 13, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… | ||
| CVE-2024-5332 | Med | 0.35 | 6.4 | 0.00 | Jun 26, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2024-4618 | Med | 0.35 | 6.4 | 0.00 | May 15, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes… | ||
| CVE-2024-3985 | Med | 0.35 | 6.4 | 0.00 | May 2, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This… | ||
| CVE-2024-3489 | Med | 0.35 | 6.4 | 0.00 | May 2, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-2750 | Med | 0.35 | 6.4 | 0.00 | May 2, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-2028 | Med | 0.35 | 6.4 | 0.00 | Mar 13, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-1414 | Med | 0.35 | 6.4 | 0.00 | Mar 13, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-1413 | Med | 0.35 | 6.4 | 0.00 | Mar 13, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-0824 | Med | 0.35 | 6.4 | 0.00 | Jan 27, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-33914 | Med | 0.28 | 4.3 | 0.00 | May 3, 2024 | Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1. | ||
| CVE-2024-0823 | Med | 0.28 | 5.4 | 0.00 | Feb 5, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes… | ||
| CVE-2022-45067 | Med | 0.28 | 4.3 | 0.00 | Feb 2, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | ||
| CVE-2025-7498 | 0.00 | — | 0.00 | Aug 6, 2025 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | |||
| CVE-2025-1571 | 0.00 | — | 0.00 | Feb 28, 2025 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user… | |||
| CVE-2024-10312 | 0.00 | — | 0.00 | Oct 29, 2024 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. This makes it possible for authenticated attackers, with Contributor-level… |
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devscred Design Blocks exclusive-blocks allows Stored XSS.This issue affects Design Blocks: from n/a through <= 1.2.5.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor exclusive-addons-for-elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through <= 2.7.1.
- risk 0.42cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘exad_infobox_animating_mask_style’ parameter in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.42cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid Widget in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping on user supplied tags. This makes it possible…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.
- risk 0.38cvss 6.4epss 0.02
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…
- risk 0.35cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.35cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes…
- risk 0.35cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This…
- risk 0.35cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.35cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.35cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.35cvss 6.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1.
- risk 0.28cvss 5.4epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.
- CVE-2025-7498Aug 6, 2025risk 0.00cvss —epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- CVE-2025-1571Feb 28, 2025risk 0.00cvss —epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user…
- CVE-2024-10312Oct 29, 2024risk 0.00cvss —epss 0.00
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. This makes it possible for authenticated attackers, with Contributor-level…