34 matches found
CVE-2026-1004 Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eaelproductquickviewpopup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for...
EUVD-2024-32302
Malicious code in bioql PyPI...
WordPress plugin Essential Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-28324 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress versions up to, and including, 6.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization an...
PT-2025-24338 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 6.1.12 Description: The issue is related to Stored Cross-Site Scripting via the eael pricing item tooltip content parameter of the Pricing Table Widget. Th...
CVE-2024-8742
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitizatio...
CVE-2024-3733
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajaxloadmore , eaelwoopaginationproductajax, and ajaxeaelproductgallery...
CVE-2024-5189
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customjs’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escapin...
CVE-2024-4275
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient input sanitization and...
CVE-2024-1236
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization...
CVE-2024-4156
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eaeleventtextcolor’ parameter in versions up to, and including, 5.9.17 due to insufficient input sanitization and output...
CVE-2022-0683
The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the /includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a pages that executes...
CVE-2025-24752
CVE-2025-24752 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin “Essential Addons for Elementor” (versions up to 6.0.14). Root cause: improper input neutralization during web page generation allowing reflection of injected payloads via parameters such as popup-selector. A...
WordPress Essential Addons for Elementor plugin <= 6.1.9 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 6.1.9...
CVE-2025-39590
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through = 6.1.9...
PT-2025-8685
Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor affected versions not specified Description A critical XSS flaw has been identified in the Essential Addons for Elementor WordPress plugin, potentially placing over two million websites in jeopardy. This...
CVE-2021-4447
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers wi...
CVE-2024-56063
CVE-2024-56063 affects Essential Addons for Elementor (WPDeveloper) up to version 6.0.7. It is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Exploitation is described as requiring Authentication (Contributor+) to trigger the ...
CVE-2024-51674
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fast Themes Sastra Essential Addons for Elementor sastra-essential-addons-for-elementor allows DOM-Based XSS.This issue affects Sastra Essential Addons for Elementor: from n/a through = 1.0.5...
VulnCheck KEV: CVE-2021-4446
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...