CVE-2024-8913

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tpaccordion.php. This makes it possibl...

CVE-2024-8858

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechartsettings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-8962

The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-8516

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from...

CVE-2024-8961

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomoreitemstext’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and...

CVE-2024-53816

Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons.This issue affects Tutor LMS Elementor Addons: from n/a through = 2.1.5...

CVE-2024-53766

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows DOM-Based XSS.This issue affects Devnex Addons For Elementor: from n/a through = 1.0.9...

CVE-2024-53786

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Codeless Cowidgets – Elementor Addons cowidgets-elementor-addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through = 1.2.0...

CVE-2024-53796

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows DOM-Based XSS.This issue affects themesflat-addons-for-elementor: from n/a through = 2.2.2...

CVE-2024-53763

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rejuan Ahamed Best Addons for Elementor allows Stored XSS.This issue affects Best Addons for Elementor: from n/a through 1.0.5...

CVE-2024-35724

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12...

CVE-2024-35782

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1...

CVE-2024-2491

The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmltag attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-11829

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchablelabel parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitizati...

CVE-2024-12532

The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive...

CVE-2024-12205

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-56252

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themelooks Enter Addons enteraddons allows Stored XSS.This issue affects Enter Addons: from n/a through = 2.1.9...

CVE-2024-56062

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through = 1.3.987...

CVE-2024-56063

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through = 6.0.7...

CVE-2024-54253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons.This issue affects Xpro Elementor Addons: from n/a through = 1.4.6.5...