CVE-2024-35660

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1...

CVE-2024-32505

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Roxnor ElementsKit Elementor addons Lite elementskit-lite.This issue affects ElementsKit Elementor addons Lite: from n/a through = 3.0.6...

CVE-2024-32572

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.6.0...

CVE-2024-32718

Server-Side Request Forgery SSRF vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2...

CVE-2024-32593

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.3.4.2...

CVE-2024-34432

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.4.4...

CVE-2024-32698

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.This issue affects Happy Addons for Elementor: from n/a through = 3.10.4...

CVE-2024-50442

Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through = 1.3.980...

CVE-2024-24833

Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.This issue affects Happy Addons for Elementor: from n/a through = 3.10.1...

CVE-2024-50553

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Classy Addons Classy Addons for Elementor classy-addons-for-elementor allows DOM-Based XSS.This issue affects Classy Addons for Elementor: from n/a through = 1.2.7...

CVE-2024-5576

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'coursecarouselskin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplie...

CVE-2024-5347

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-5161

The Magical Addons For Elementor Header Footer Builder, Free Elementor Widgets, Elementor Templates Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and output...

CVE-2024-5327

The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘ppanimatedgradientbgcolor’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output...

CVE-2024-5686

The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes ...

CVE-2024-5881

The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbcimage shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5612

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eaellightboxopenbtnicon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This mak...

CVE-2024-5553

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

CVE-2024-43150

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.4.2...