WordPress Primary Addon for Elementor plugin <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Primary Addon for Elementor versions = 1.6.0...

CVE-2025-59007 WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...

WordPress Education Addon for Elementor plugin <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode vulnerability

Authenticated Contributor+ Insecure Direct Object Reference via naeduelementortemplate Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Education Addon for Elementor versions = 1.3.1...

CVE-2024-12046 Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode

The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedicalelementortemplate' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers,...

PT-2024-36198 · Elementor · Nicheaddons Restaurant & Cafe Addon For Elementor

Name of the Vulnerable Software and Affected Versions: NicheAddons Restaurant & Cafe Addon for Elementor versions 1.5.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could...

WordPress Super Addons for Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Super Addons for Elementor versions = 1.0...

CVE-2024-49267

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nayon46 Unlimited Addon For Elementor unlimited-addon-for-elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through = 2.0.0...

CVE-2024-4669

The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...