CVE-2024-9059

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-47383

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through = 2.0.8.8...

CVE-2024-9888

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVE-2024-9682

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-9542

The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-leve...

CVE-2024-54260

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

CVE-2024-54247

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ABCBiz ABCBiz Addons and Templates for Elementor allows Stored XSS.This issue affects ABCBiz Addons and Templates for Elementor: from n/a through 2.0.2...

CVE-2024-54230

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Masud Hasan Unlock Addons for Elementor unlock-addons-for-elementor allows DOM-Based XSS.This issue affects Unlock Addons for Elementor: from n/a through = 2.2.4...

CVE-2024-5790

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-51665

Server-Side Request Forgery SSRF vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through = 1.2.1...

CVE-2024-51812

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wasim Pro Addons For Elementor pro-addons-for-elementor allows Stored XSS.This issue affects Pro Addons For Elementor: from n/a through = 1.5.0...

CVE-2024-51586

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in camilluskillus Elementary Addons elementary-addons allows Stored XSS.This issue affects Elementary Addons: from n/a through = 2.0.4...

CVE-2024-12110

The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate and deactivate functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-51680

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrestaProject Cresta Addons for Elementor cresta-addons-for-elementor allows Stored XSS.This issue affects Cresta Addons for Elementor: from n/a through = 1.0.9...

CVE-2024-51590

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HooThemes Hoo Addons for Elementor hoo-addons-for-elementor allows DOM-Based XSS.This issue affects Hoo Addons for Elementor: from n/a through = 1.0.6...

CVE-2024-6575

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘reswidthvalue’ parameter within the plugin's tppagescroll widget in all versions up to, and including, 5.6.2 due to...

CVE-2024-3885

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2024-6627

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-6340

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-6824

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...