41 matches found
CVE-2024-8546
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6582
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...
CVE-2025-0968
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the getmegamenucontent function. This makes it possible for unauthenticated attackers to view any item created in...
WordPress ElementsKit Elementor addons plugin <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function vulnerability
Unauthenticated Information Exposure via getmegamenucontent Function vulnerability discovered by stealthcopter in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.4.0...
CVE-2025-1005
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-1005
CVE-2025-1005 affects ElementsKit Elementor Addons and Templates (WordPress) up to version 3.4.0. It is a Stored Cross-Site Scripting via the Image Accordion widget caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticated acces...
PT-2025-6820 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.4.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Image Accordion widget due to insufficient input sanitization and output...
CVE-2024-3499
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generatenavigationmarkup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and...
VulnCheck KEV: CVE-2024-6455
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to view any item created in...
CVE-2024-6455
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to view any item created in Elementor,...
CVE-2024-3650
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions 3.0.7 through 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-26279 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions prior to 3.1.1 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the generate...
CVE-2024-2803
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress ElementsKit Elementor addons plugin <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Elements kit Elementor addons versions = 3.0.7...
CVE-2024-1238
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contribut...
PT-2024-18666 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.6 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the...
CVE-2024-1239
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6525
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
WordPress Plugin ElementsKit Elementor addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-6582
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending...