25 matches found
CVE-2026-4790
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2026-4790
CVE-2026-4790 affects the Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress. The issue is stored cross-site scripting via the 'custom_svg' parameter in versions up to and including 4.11.70 , caused by insufficient input sanitization and output escaping. Th...
CVE-2026-4790 Premium Addons for Elementor <= 4.11.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_svg' Parameter
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2024-11937 Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2025-4774
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-8681
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-6434
The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service ReDoS in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with...
CVE-2024-0326
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible fo...
CVE-2024-8681 Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-37922
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.This issue affects Premium Addons for Elementor: from n/a through = 4.10.34...
CVE-2024-4379
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2024-4379 Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2024-4379
The CVE-2024-4379 vulnerability affects Premium Addons for Elementor (WordPress) and is a DOM-based Stored Cross-Site Scripting issue in the Global Tooltip widget. It exists in all versions up to 4.10.31 due to insufficient input sanitization and output escaping on user-supplied attributes. Explo...
CVE-2024-4378
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-32791 WordPress Premium Addons for Elementor plugin <= 4.10.25 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25...
CVE-2024-2665 Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-29106
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16...
CVE-2024-0326
CVE-2024-0326 affects Premium Addons for Elementor for WordPress. It is a Stored Cross-Site Scripting (XSS) vulnerability in the Link Wrapper feature across all versions up to and including 4.10.17. The issue arises from insufficient input sanitization and output escaping on user-supplied links, ...
WordPress Plugin Premium Addons for Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
CVE-2024-1242
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...