Lucene search

Premium Addons For Elementor Security Vulnerabilities

cve

CVE-2021-24257

The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

5.4CVSS

5.2AI Score

0.001EPSS

2021-05-05 07:15 PM

cve

CVE-2023-34012

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions.

7.1CVSS

6AI Score

0.001EPSS

2023-06-23 12:15 PM

cve

CVE-2024-1680

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6.1AI Score

0.0004EPSS

2024-03-13 04:15 PM

cve

CVE-2024-24831

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.

6.5CVSS

5.8AI Score

0.0004EPSS

2024-02-10 08:15 AM