Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.23 views

CVE-2026-4790

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS6AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/05/02 11:16 a.m.24 views

CVE-2026-4790

CVE-2026-4790 affects the Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress. The issue is stored cross-site scripting via the 'custom_svg' parameter in versions up to and including 4.11.70 , caused by insufficient input sanitization and output escaping. Th...

5.4CVSS6AI score0.00194EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/02 11:16 a.m.75 views

CVE-2026-4790 Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/04 7:22 a.m.2 views

CVE-2024-11937 Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS5.7AI score0.00165EPSS
Exploits0References2
NVD
NVD
added 2025/06/10 12:15 p.m.18 views

CVE-2025-4774

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00218EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.9 views

CVE-2024-8681

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:26 a.m.5 views

CVE-2024-6434

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service ReDoS in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:26 a.m.12 views

CVE-2024-0326

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible fo...

6.4CVSS5.8AI score0.00613EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/27 6:53 a.m.10 views

CVE-2024-8681 Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00388EPSS
Exploits0References7
NVD
NVD
added 2024/07/20 9:15 a.m.26 views

CVE-2024-37922

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through = 4.10.34...

6.5CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 2024/05/31 6:15 a.m.25 views

CVE-2024-4379

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

5.4CVSS5.3AI score0.00324EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/31 5:31 a.m.16 views

CVE-2024-4379 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

5.4CVSS5.8AI score0.00324EPSS
Exploits0References3
CVE
CVE
added 2024/05/31 5:31 a.m.65 views

CVE-2024-4379

The CVE-2024-4379 vulnerability affects Premium Addons for Elementor (WordPress) and is a DOM-based Stored Cross-Site Scripting issue in the Global Tooltip widget. It exists in all versions up to 4.10.31 due to insufficient input sanitization and output escaping on user-supplied attributes. Explo...

5.4CVSS5.3AI score0.00324EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/05/23 11:15 a.m.17 views

CVE-2024-4378

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5.9AI score0.00329EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/24 8:45 a.m.15 views

CVE-2024-32791 WordPress Premium Addons for Elementor plugin <= 4.10.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25...

6.5CVSS6.8AI score0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/10 3:9 a.m.16 views

CVE-2024-2665 Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00459EPSS
Exploits0References2
NVD
NVD
added 2024/03/19 4:15 p.m.18 views

CVE-2024-29106

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16...

6.5CVSS6.5AI score0.00316EPSS
Exploits0References1
CVE
CVE
added 2024/03/13 3:26 p.m.50 views

CVE-2024-0326

CVE-2024-0326 affects Premium Addons for Elementor for WordPress. It is a Stored Cross-Site Scripting (XSS) vulnerability in the Link Wrapper feature across all versions up to and including 4.10.17. The issue arises from insufficient input sanitization and output escaping on user-supplied links, ...

6.4CVSS6.8AI score0.00613EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.5 views

WordPress Plugin Premium Addons for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

6.4CVSS5.7AI score0.00613EPSS
Exploits0References6
NVD
NVD
added 2024/02/29 1:43 a.m.25 views

CVE-2024-1242

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00406EPSS
Exploits0References2
Rows per page
Query Builder