CVE-2025-0321 ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter

The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...

WordPress plugin ElementsKit Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

PT-2025-3827 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.7.8 Description: The issue is related to DOM-Based Stored Cross-Site Scripting via the url parameter due to insufficient input sanitization and output escaping. This allows...

CVE-2024-37255 WordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elements kit Elementor addons: from n/a through 3.1.4...

CVE-2024-37255 WordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor ElementsKit Elementor addons Lite elementskit-lite.This issue affects ElementsKit Elementor addons Lite: from n/a through = 3.1.4...

CVE-2024-10091

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-10091

CVE-2024-10091 — ElementsKit Elementor addons (WordPress) stores cross-site scripting via the Image Comparison Widget in versions

WordPress plugin ElementsKit Elementor addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-16019 · WordPress · Elementskit Elementor Addons Plugin

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.2.9 Description: The issue is related to Stored Cross-Site Scripting via the Image Comparison Widget due to insufficient input sanitization and output escaping...

WordPress ElementsKit Elementor addons plugin <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.2.9...

CVE-2024-8546

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-8546

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-8546

CVE-2024-8546 : ElementsKit Elementor addons for WordPress (

CVE-2024-8546 ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress ElementsKit Elementor addons plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Video Widget vulnerability discovered by zer0gh0st in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.2.7...

PT-2024-39085 · WordPress · Elementskit Elementor Addons

Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.2.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Video widget due to insufficient input sanitization and output escaping o...

WordPress plugin ElementsKit Elementor addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-43996

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0...

CVE-2024-43996

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0...

CVE-2024-43996

CVE-2024-43996 affects WordPress ElementsKit Pro plugin versions through 3.6.0. The vulnerability is Local File Inclusion caused by improper limitation of a pathname to a restricted directory (Path Traversal) in ElementsKit Pro. Impact is PHP Local File Inclusion with a base CVSS v3.1 score of 6....